Novell Confidential 


Novell 
iFolder® 


2.1 


Manual (99a) 21 December 2004 


www.novell.com 


INSTALLATION AND ADMINISTRATION 
May17, 2005 GUIDE 


Novell. 


Novell Confidential Manual (99a) 21 December 2004 


Legal Notices 


Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express 
or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to 
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. 


Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties 
of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, 
at any time, without any obligation to notify any person or entity of such changes. 


You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations 
or the laws of the country in which you reside. 


Copyright ©2002-2004, 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval 
system, or transmitted without the express written consent of the publisher. 


Patents pending. 


Novell, Inc. 

404 Wyman Street, Suite 500 
Waltham, MA 02451 

U.S.A. 


www.novell.com 


Novell iFolder 2.1 Installation and Administration Guide 
May 17, 2005 


Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see 
www.novell.com/documentation. 


Novell Confidential 


Novell Trademarks 


BorderManager is a registered trademark of Novell, Inc. in the United States and other countries. 


ConsoleOne is a registered trademark of Novell, Inc. in the United States and other countries. 
eDirectory is a trademark of Novell, Inc. 

Group Wise is a registered trademark of Novell, Inc. in the United States and other countries. 
iChain is a registered trademark of Novell, Inc. in the United States and other countries. 
NetWare is registered trademark of Novell, Inc. in the United States and other countries. 
Novell is a registered trademark of Novell, Inc. in the United States and other countries. 
Novell Client is a trademark of Novell, Inc. 

Novell Cluster Services is a trademark of Novell, Inc. 

Novell iFolder is a registered trademark of Novell, Inc. in the United States and other countries. 
Nterprise is a trademark of Novell, Inc. 

SUSE is a registered trademark of SUSE LINUX AG, a Novell company. 

ZENworks is a registered trademark of Novell, Inc. in the United States and other countries. 
ZENworks OnDemand Services is a trademark of Novell, Inc. 


Third-Party Materials 


All third-party trademarks are the property of their respective owners. 


Manual (99a) 21 December 2004 


4 


Novell Confidential 


Novell iFolder 2.1 Installation and Administration Guide 


Manual (99a) 21 December 2004 


Novell Confidential Manual (99a) 21 December 2004 


Contents 
About This Guide 11 
1 Overview of iFolder 13 
Benefits: of iFolder for the Enterprise... oem a ee ok fn he ee Ñ 13 
Seamless Data Access. orcs cach E PA he BR oe hie eee SE Sa Be A 14 
Data Safeguards and Data Recovery... 2... 2 aaa a 14 
Reliable:Data Security’ sie da t bs 2 eatin ee tien & Be ann’: saad AA Date a E aK 8 14 
Productive Mobile‘Wsers=.. 20 6 pak E er Eee Ae BS ke ee E E e fa EA A L s 14 
Cross-Platform Support: 2.2.05 bev eb eee en eee a ee OG eee N 15 
large-scale: Deployment ais E TRT ee Be ee ees ek et Ek es Nee Ge PE A eee i 15 
Simple Data and Account Management ... 2... 2. a 15 
No Training Requirements ... . aoaaa 15 
Benefits: of. iFolder for Users’. porera a eo A A a a OP ee Pe ee 15 
Key Features- Of iFolder sco a one Skt ted eh Ra eee OD OR R Ge Erie nee BAe A eae 4 16 
Novell NetDriVe': scai aii gone oe ea ee a te ele e Bodo PD eee Be Poke gue ee ake A peg 18 
Whats ‘New. leia ta A Ae Pe Re Bae eae ee ea Ro Ta PR Bal ok eM eA Rl 18 
Whats Next: 0 sce eee a ote Se Boe got A te ea ee oe Oe EE Soe y ee OY 4 18 
2 Understanding the Novell iFolder Architecture 19 
Large-Scale Deployment... . 2. 2 2. a ee 20 
Web Servers:and IFOIGGf od it Am os es Bk ete Sees Se eh eine gE ims a da 20 
LDAP and IFolder -i cio coi io ee be Bebe e eR ee Re be a ee 20 
LDAP: Directories: ei ade al BERR ERA ee e ba eae eA ee Boe es 20 
Authentication and Synchronization . . . 2... a 21 
For, More: Informations. sisis aoe TAE E, a Se E a eee AA Ea AA 2S Ale e ee E R 21 
3 Preparing to Install iFolder 2.1 23 
Installation Scenarios for (Folder 2.1 ............... a 23 
Installation Scenarios for (Folder 2.1.x... aoaaa a 24 
Installing (Folder 2.1.1 with NetWare 6.5 ............. ee 24 
Installing iFolder 2.1.2 with NetWare 6.5 Support Pack T... 2.0.0.0 0 eee 24 
Installing iFolder 2.1.2 with Novell Nterprise Linux Services . . . 2... o... . . . . 0... o... 25 
Installing iFolder 2.1.3 with Windows 2003 Server ................. .. e... 25 
Installing iFolder 2.1.5 with Open Enterprise Server... 2... 2... a e 25 
Upgrade: Scenarios. tor (EOIder #602 o Sebo Soe PAs GO Be Se Re te ees Sa A R e E R RTE A 26 
Prerequisites for iFolder 2.1... 2 R apa RRR RER RRR R R RRR ee 26 
Prerequisites for All ¡Folder 2.1 Servers .. 2... 2... a 27 
Prerequisites for NetWare Servers for iFolder 2.1 ....... 0... 000 ce 27 
Prerequisites for Windows 2000 Servers for (Folder 2.1 . . 2.000000 ee e... 28 
Prerequisites for Linux Servers foriFolder2.1 . 0.0.00. 00 2 a 29 
Prerequisites foriFolder2:1.X na s ar E R R R a kacr a Luah 30 
Download Instructions for iFolder2.1.. 0.0.0.0. 0. a 30 
Downloading Novell iFolder 2: T x. 2. SC RT dee a Son R we et pa Se ae a ee ede 30 
Downloading Novell eDirectory or Microsoft Active Directory... .......-...0 0000022 eee ee 31 
What SNextz Ci E ata ose Se Mee ee e ee eA yh det eG ee A ed oe Re ee ee 31 


Contents 5 


Novell Confidential 


10 


11 


6 


Installing iFolder 2.1 on NetWare 33 
Confirming’ Prerequisites crio ew KR. KT E K R Ñ RTE Si WA ee wee ok BAG Ge tl ees 33 
Installing:iFolder Server 4 w T R eee es Ge ai Be a ae ee LS Ge GE es 33 
What's: Next 20:25. lr a bh a ech tee eles we Eee Rone Se eee OE AOE ae ES 37 
Installing iFolder 2.1 on Windows 2000 Server 39 
Confirming: Prerequisites a. +. £ e c cel a e ie E R, Be ee ae ta RTE ee bat ate ee eae 39 
Installing ¡Folder on Windows/IIS/eDirectory .. 2... aa 39 
Installing ¡Folder on Windows/IIS/Active Directory 2... e... e... 43 
Whats: NeXt- s ictor i m ata rr duk ee bob BR he Pao eee A Oo dk pa A 46 
Installing iFolder 2.1 on Red Hat Linux 8 47 
Installing Apache 2.0.43 on Red Hat Linux 8 . ................ ee 47 
Confirming Prerequisites .. .. . 2 0. aa a 48 
Installing iFolder Server, UsingaGUl. . 1... ET e R i ERT R R KRE E a AE T 48 
Installing iFolder Server, Using a Console ............ a 51 
Whats:Next.: 2 c ladra aa AAA tE AE AA 53 
Installing ¡Folder 2.1.2 on Novell Nterprise Linux Services 55 
Whats: Next reos a a a o oe ee a A A ale bce Bub Ged ee, poke RR E 55 
Installing ¡Folder 2.1.3 on Windows 2003 and Windows 2000 Server 57 
Confirming. Prerequisites: 34205. uds eae da e A ee AE A Dw ee E eek 57 
Installing ¡Folder on Windows/IIS/eDirectory .. 2... a 57 
Installing ¡Folder on Windows/IIS/Active Directory 2... o... e... 61 

Post-Install Procedures... 3.4. ese Sn Re bee a a e ee et 64 
Whats Nexe u okie Uae ae ae sind helo Pe BAe Hee ano GRA AA ae eeu fy a ae 65 
Installing iFolder 2.1.5 on Windows 2000 and Windows 2003 Server 67 
Prerequisites for Windows 2000/ Windows 2003 Servers .. .. . . o... 67 
Installing ¡Folder on Windows/IIS/eDirectory . ............. a 68 
Installing ¡Folder on Windows/lIS/Active Directory . .......... o... e... 71 
Installing ¡Folder 2.1.5 on OES for Linux 77 
Confirming Prerequisites ............... 77 
Configuring the ¡Folder 2.x Server Using OES YaST Install. . . a ee 78 
Manual Configuration of the iFolder 2.x Server for OES .. 1... 79 
Configuring iFolder Server on Machine with Multiple NICs... 2. e... eo... 80 

During OES Installation’. ooo. doe bee eee RR be bo eee bee eb ba Babe 80 

Post Installation, e re Tac T a Se ae OR E A A SS a i OM ee OR ee 81 
Configuring iFolder on an NSS Volume... 2... aaa 81 

Using local LDAP’). 2 race ta Ge are BA AOS cave ee hat te rea ba Sate ek eee 81 

Using ‘Remote: EDAP: ooo cla na ewer da ee Pa he eh ale ae Leek Ba ba eee we 82 
Uninstalling:ikdlder:Sérver <<. ioe ae Bhd ody SE ede Ares BA So Ee ns ae Se eee el AS A Se a 82 
Accessing iFolder in Coexistent Mode . . 000 0 82 
Accessing iFolder in Standalone Mode ............. a 83 
Post-Install'Guidelinesy 2.0.0 cos ore a bw ee PEA A e Do Pb ae ae eee eae bb a eee bs 83 
Post Install Verification and Troubleshooting . ............ ee 83 
iFolder Client Features. o oca eou eee be ae a ee be ee RR Ree ee ee be ba ee es 83 
Whats:Nexts: 2° at co acne i e a eo ee BA Aaa ES teeing OO ae BG Ie AR Se Pave le Oo ed wg 84 
Using the iFolder Management Console to Configure Your iFolder System 85 
Accessing ¡Folder Web Interfaces. ............. a aa aa a a a 85 

The ¡Folder Management Console for Administrators... aaa a a 85 

ThejiFolder WebSite for Users’ 20000000 gaa a a aaa a eel RR ee BA A Aa O e E nap a 86 

The Novell NetStorage Interface for ¡Folder 2.1.x... 0... aaa ee 89 
Configuring Your First iFolder Server. . 2. a 90 


Novell iFolder 2.1 Installation and Administration Guide 


Manual (99a) 21 December 2004 


Novell Confidential 


12 


13 


14 


15 


16 


Manual (99a) 21 December 2004 


Logging In to the ¡Folder Management Console .... 2... 0. e... 90 
Identifying the iFolder Objects in the Schema . .. aaou aaa a 92 
Defining Your User Contexts. i: fee A ASS, Se RR et Se, Ha Se ee e tl EA T R 93 


Provisioning User Objects for ¡Folder Services... 2... 0... ... . . e... eee 94 


Configuring Your User LDAP Server ............. a 96 

Whats: Next: o aaa A A a A A A A 98 
Configuring iFolder on Additional Servers .............. 98 
Managing ¡Folder User Accounts 101 
Enabling iFolder Services for Users ............ ee 101 
Adding User Objects to the User LDAP Directory from ¡Folder User Management .................. 102 
Configuring Global Client Policies . . .......... 0... o... 102 

Understanding iFolder Client Policies... . oaa aaa a 103 

Examples of Global Client Policies... 2... 2... aaa a 105 
Using the Remember Password Option .............. a 106 
Configuring the Security Passphrase. ........... 107 
Searching for Users in a User LDAP Directory... aooaa aaa a 108 
Viewing a User's iFolder Account Information... aooaa a a 110 
Modifying Individual User Client Policies... 2. 2... o... o... e... 113 
Recovering Passphrases. ... 2... ee ee 114 
Restoring Deleted or Corrupted Files... 2. ee a a ee 115 
Deleting User Data on the Server ............. a 116 

Preventing Data Loss When Resetting User Accounts. .......... o... . 000 eee ee ee 116 

Using'the'Conflict'Bin. Fo. 4 baw eh ach be Pee ee ea Ow Pale ae a dee bbe Gees 117 
Managing iFolder Servers 119 
Adding ¡Folder Servers: din ok. ees A SA Se eS ee Se A a ee Ba eh ee ae ES 119 
Configuring Global Server Policies . . . oaa aaa a 119 
Managing the User Disk Quotas for (Folder User Accounts . . aoaaa a 120 
Managing User LDAP Servers 123 
Modifying User Contexts for the User LDAP Server .............. a 123 
Adding a User LDAP Server to the iFolder System. . . oaoa a 124 
Adding a User LDAP Server for a Linux-Based ¡Folder 2.1.2 Server. ................ ee 124 
Replacing a User LDAP Server for the iFolder System. . .. 2. 0. aaa a 126 
Replacing a User LDAP Server for the Linux-Based ¡Folder 2.1.2 Seer... 126 
Deleting a Single User LDAP Server from the iFolder System... aaao aaa a a 126 
Deleting All User LDAP Servers from the iFolder System .. . a. aaou 2. a 127 
Using Clear Text or SSL Connections to the User LDAP Server... . 2... 0.0... 00.02 . . . eee eee 127 
Monitoring Your iFolder System 129 
Accessing the ¡Folder System Monitoring Tool. . aoaaa aaa o... 129 
Monitoring User LDAP Server Status. .............. a 130 
Monitoring Folder- Server Status)... es: se eee ee Re a ee ee a A ee ee 130 
Stopping Synchronization between iFolder Servers and Clients... a a aaa aa . . . . . .. 131 
Debugging Synchronization Activity on Your iFolder Server... aoaaa aa e... e... 131 

Using Debug Output in ¡Folder 2.1.x for NetWare Servers... 2... e... . . . . 0... 132 

Using Debug Output in ¡Folder 2.1 for Windows 2000 Servers ............. ... . . . . . e... . 132 

Using Debug Output in ¡Folder 2.1 for Linux Servers ............ e... . e... 132 

Using Debug Output in ¡Folder 2.1.2 for Enterprise Linux Servers . ............... . . . . . . . . .. 133 
Generating Reports for Your ¡Folder System 135 
Reporting General Information. ........... ee 135 
Reporting ¡Folder Server Information. .. ooi e a a R e e RR E E R RET RR RRR RT 136 
Reporting User LDAP Server Information . ................ a 137 
Reporting ¡Folder User Account Information. ©... 0. e... 137 
Creating Reports’. > < a R R a Pa he ba eee Pan eb bee SPs eee bee Da ee ba ee Bes 139 


Contents 7 


Novell Confidential 


17 


Exporting and Manipulating Reports ............ 00 0 ee 139 
Printing Report s na os Z 9 ER INA a ae eh ee a be a CP Pale aa pe hee ee a ea ee 139 
In-Depth Look at Authentication, Encryption, and Synchronization 141 
Authentication and: Encryption: i void oo ee E a E A A A ee Sa ee ee 79 141 
Synchronization... 5 Ra: r Z ee 142 
Coexistence and Migration Issues 143 
Coexistence tics e ROR RR A BE ok RM ss oe Bo a ao MI ee MA ee 143 

Compatibility- Ss 5:02 Scare vg es Qe lee bce Brel A E R wa T 143 

Coexistence:ISSues:. oso tee e Gk Soe sk BAP oie Aaa se wae A Shoe ao aw Se Rae as a 143 
iFolder:2.x Migration: ISSUES: | opos a ee a ee a A Re AA 144 

Migration Tog] grs i a E RR E E R Bon ee Pe e A a E hk Be Adie e Rag ee 144 

Recommended Procedure for NetWare-to-NetWare Migrations... .......... 0.000 eee eee 144 

Post-Migration: Issues: +... oir 4 4,43 ba a a ea ae a ee Beg Ge dass 145 
Upgrading from iFolder Standard Edition to iFolder 2.1 147 
Conflict in the Passphrase Storage Method between ¡Folder 1.x and iFolder 2.1. ................... 147 
Upgrading Manually from iFolder 1.x to iFolder 2.1... 0... .. e... e... 147 
Compatibility Issues between ¡Folder Client and Server Versions . ............ o... . . . . . . . . .. 148 
Configuring ¡Folder on Novell Cluster Services 149 
References for Setting Up Clusters on NetWare .. 2... a 149 
Configuring an iFolder Server Cluster on NetWare 5.1 and 6.0. ........ 0... . 000 eee ees 149 
Configuring an iFolder Server Cluster on NetWare 6.5 and Later. ........ 0... 0.000000 . . . . eee 151 

Preparing to Configure Your ¡Folder Server Cluster... 2... 0... .... e... .o eo... 152 

Configuring Your ¡Folder Cluster Solution. . ............ o... oo... o... 154 
Interoperability Issues 159 
BorderManager O AAA iii Ee OR E A PR CSS Bee ic 159 
GroupWise 5.5 and Later ........... 160 
iChain- Tais a a A a a a a de Goh A A date de de A Gei 160 
Nel IVE < bs a a AAA A A A ADE ATA ATR eR OES bane ete 161 
ZENWOrkS:ONDEMANd 20:01 E AR EA A AA A e Be Wee RR 161 
SECUELA A A RER be a Bop e aia 162 
Port Number Assignments and Availability in Novell Products . . .......... 0... . e... . . . . . . ... 162 
Tips and Tricks for Optimizing ¡Folder 163 
Optimizing the Available Space . . . o.oo aaa e 163 
Optimizing Synchronization Delay and Polling Frequency . . aoaaa e... 163 
Increasing Apache Threads .... 2... X Z Z RR A R A RR AAT RR d ma a aaua e KAA 163 

NetWare Servers: «faces Ae Eas eek SSE Pk NB bok ee Re ee a Ba Be TE 163 

LINUX: SORVENS: te. oa Bas BO ee rae ee ea ee oe ee E 164 
AddingiMore:RAM: ee a i i rene A a hoe ees Ha AR Ge a OE oh Gre GPa Payee ote Re ai 164 
Synchronizing iFolder ClientData.. coia r s s aa au R RRR e a a a E E a aaa RRR RRR 164 
Frequently Asked Questions 165 
What is an iFoldér:server?. Gh ce ea ok RRR EADS eek ce Ee gk a aa HS A en Be ee 166 
Can | synchronize my home directory on the network with my local iFolder directory? . . . . oaoa aaa aaa 166 
Can | restore files if a user has deleted them from a local ¡Folder directory? . . 0... . o... ... 166 
Are the users’ ¡Folder files stored encrypted on their local workstati0nS?. . . 0... a 166 
How many directories can each user have in an iFolder account? ... o... o... o... a 166 
Is there a maximum file size that can be synchronized to the ¡Folder server? .......... 0... ....... 167 
What is the maximum storage quota for an ¡Folder account? . ....... o... o... . e... 167 
How many concurrent connections to ¡Folder accounts does each (Folder server support? ............... 167 
What is the key factor that limits the number of users an iFolder server can support? ................. 167 
When a user makes changes to a file, what portion of the file is sent across the wire to the iFolder server?. ..... 167 


Novell ¡Folder 2.1 Installation and Administration Guide 


Manual (99a) 21 December 2004 


Novell Confidential Manual (99a) 21 December 2004 


What happens to a user's files if the user changes the location of the local iFolder directory? ............ 167 
After installing iFolder 2.1 on a Microsoft 2000 server with IIS and Active Directory, | cannot create an iFolder_ServerAgent. 
168 
After installing iFolder 2.1 on a Microsoft 2000 server with IIS and Active Directory, | cannot create a new user with the 
¡Folder Management Console... .. 2... 2... 0  a 168 
Why do my users have trouble logging in to the iFolder server across the Internet, but can log in while on the corporate 
NEtWOrK 22 S ar RR E E oe died ke he T Bea E ee ee EA 168 
When | attempt downloading the iFolder client from the server page, instead of downloading the client, it shows junk 
characters? How can | resolve this? .. 2. 2. 0... .... .. . e... 168 
Why am I not able to see the available updates even though my redcarpet server has the later version of novell-ifolder- 
client than that | have on my Linux box? . . . 2. 2... ee 168 
¡Folder 2.1.3 on Windows 2003 Server FAQs .. 1... aaa a 169 
Why is the iFolder Administration page displaying error message such as “The application called an interface that was 
marshalled for a different thread”? What can | do to resolve this? . ........... 0... ....... 169 
Why is the ¡Folder Advanced Search failing with the error "Bad Request (Invalid URL)? ............. 169 
The ¡Folder login is failing for a multi- home Web site. What can | do to resolve this? . .............. 169 
¡Folder fails to work after renaming domain controller. What can | do to resolve this? . . ............. 169 
G Uninstalling iFolder 2.1 on a Red Hat Linux 8 Server 171 
Uninstalling iFolder 2.1 from a Red Hat Linux 8 Server ................ . . o... 171 
Removing ¡Folder 2.1 Objects from the eDirectory Schema . ........ 0... . .. . o... 171 
Uninstalling Apache 2.0483... 172 
H Product History of iFolder 173 
Network Operating Systems Support... 2... ee 174 
Directory Services: Supports. -e ss s ee A ee ke 174 
Workstation Operating Systems Support for iFolder Client... . ooa aaa ee . . .. 175 
Web: Server Support! ica caia Te GOR eee hos ol ae eee as Ee Fa ha ae he ee 175 
iFolder‘User Access Supports. ereo oe pe ee Bee Bok Gon eG ee e Sve Poe AE Rae eee Ñ 175 
Feature. Support.) m eae tal o Ae hk te ik et ete O E eo E Seed Wet es 176 
Server Platform Options Included in Your Release... oaa aaa e... 176 


Contents 9 


Novell Confidential Manual (99a) 21 December 2004 


10 Novell iFolder 2.1 Installation and Administration Guide 


Novell Confidential 


Manual (99a) 21 December 2004 


About This Guide 


This guide describes how to install, configure, and manage Novell® iFolder® 2. 1x. 


The guide is intended for iFolder administrators and is divided into the following sections: 


+ 


+ 


+ 


+ 


Chapter 1, “Overview of iFolder,” on page 13 

Chapter 2, “Understanding the Novell iFolder Architecture,” on page 19 

Chapter 3, “Preparing to Install iFolder 2.1,” on page 23 

Chapter 4, “Installing iFolder 2.1 on NetWare,” on page 33 

Chapter 5, “Installing iFolder 2.1 on Windows 2000 Server,” on page 39 

Chapter 6, “Installing iFolder 2.1 on Red Hat Linux 8,” on page 47 

Chapter 7, “Installing iFolder 2.1.2 on Novell Nterprise Linux Services,” on page 55 
Chapter 8, “Installing ¡Folder 2.1.3 on Windows 2003 and Windows 2000 Server,” on page 57 
Chapter 9, “Installing iFolder 2.1.5 on Windows 2000 and Windows 2003 Server,” on page 67 
Chapter 10, “Installing iFolder 2.1.5 on OES for Linux,” on page 77 


Chapter 11, “Using the ¡Folder Management Console to Configure Your ¡Folder System,” on 
page 85 


Appendix A, “In-Depth Look at Authentication, Encryption, and Synchronization,” on 
page 141 


Appendix B, “Upgrading from iFolder Standard Edition to iFolder 2.1,” on page 147 
Appendix C, “Configuring iFolder on Novell Cluster Services,” on page 149 
Appendix D, “Interoperability Issues,” on page 159 

Appendix E, “Tips and Tricks for Optimizing iFolder,” on page 163 

Appendix F, “Frequently Asked Questions,” on page 165 

Appendix G, “Uninstalling iFolder 2.1 on a Red Hat Linux 8 Server,” on page 171 
Appendix H, “Product History of iFolder,” on page 173 


Additional Documentation 


For documentation on installing, configuring, and managing iFolder, see the following: 


+ 


+ 


Online documentation for iFolder server and client (http://www.novell.com/documentation/ 
lg/ifolder21/index.html) 


Novell ¡Folder Cool Solutions Web site (http://www.novell.com/coolsolutions/ifmag) for tips 
and tricks 
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+ Novell iFolder Support Knowledgebase Web site (http://support.novell.com) for emerging 
issues for iFolder server and client 


Documentation Updates 


For the most recent version of the Novell iFolder 2.1 Installation and Administration Guide, see 
the Novell ¡Folder Documentation Web site (http://www.novell.com/documentation/lg/ifolder21/ 
index.html) 


For emerging issues, see the Novell iFolder 2.1 Readme Addendum (Technical Information 
Document 10079972) (http://support.novell.com/cgi-bin/search/searchtid.cgi?/10079972.htm). 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
within a cross-reference path. 


A trademark symbol e TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party 
trademark. 


When a single pathname can be written with a backslash for some platforms, or a forward slash 
for other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as UNIX* should use forward slashes as required by the software. 
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g Overview of iFolder 


Novell® iFolder® 2.1 is a Net services software solution that lets mobile professionals access their 
local files from anywhere—online, offline, all the time—across multiple workstations and the Net. 
All the user needs is an active network or Internet connection and the iFolder client, a Web 
browser, or NetDrive. 


For a user, iFolder is like having a single, virtual work folder accessible from any computer. It 
provides a simple, convenient, and secure way to access, back up, and synchronize files. Whether 
working on an office or home computer, on a disconnected notebook, or even at an Internet kiosk 
in an airport halfway around the world, his files are instantly available. 


When connected to the iFolder server, iFolder automatically backs up the work done on local files 
to an account on the iFolder server. Files are always protected and easily recovered in the event 
the local data is lost. And later, when the user moves on to a different location and a different 
computer, iFolder automatically synchronizes his files to reflect the work completed elsewhere— 
with no manual disk copies or file transfers required. 


With iFolder, each user’s work environment can revolve around the individual instead of a 
particular location or hardware configuration. Because the data travels transparently with the user, 
wherever in the world he or she needs to be, and resides concurrently in the user’s iFolder account 
on the server, the user can be confident that the local data is current and safe. The user no longer 
needs to worry about e-mailing files, keeping track of multiple versions of files on different 
portable storage media, and dealing with complicated remote logins and temperamental VPN 
clients. 


This overview describes the following information about iFolder: 
+ “Benefits of ¡Folder for the Enterprise” on page 13 
+ “Benefits of ¡Folder for Users” on page 15 
+ “Key Features of iFolder” on page 16 
+ “Novell NetDrive” on page 18 
+ “What's New” on page 18 
+ “What's Next” on page 18 


B Benefits of iFolder for the Enterprise 


Novell iFolder gives IT managers a secure, manageable, and easy-to-implement file management 
solution that makes every computer user in a company more productive by eliminating the hassles 
of creating, storing, and managing files across multiple devices and locations. Benefits of iFolder 
to the enterprise include the following: 


+ “Seamless Data Access” on page 14 


¢ “Data Safeguards and Data Recovery” on page 14 
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+ “Reliable Data Security” on page 14 

+ “Productive Mobile Users” on page 14 

+ “Cross-Platform Support” on page 15 

¢ “Simple Data and Account Management” on page 15 


+ “No Training Requirements” on page 15 


Ẹ Seamless Data Access 


Novell ¡Folder greatly simplifies the IT department’s ability to keep users productive. It empowers 
users by enabling their data to follow them wherever they go. 


The days of users e-mailing themselves project files so they can work on them from home are 
gone, along with the frustration associated with sorting through different versions of the same file 
on different machines. iFolder stores and synchronizes users’ work in such a way that no matter 
what client or what location they log in from, their files are available and in the condition that they 
expect them to be. 


B Data Safeguards and Data Recovery 


With Novell iFolder encryption, data stored on the server is secure not only from unauthorized 
access, but it also can be easily safeguarded from system crashes and disasters that can result in 
data loss. When a user saves a file locally, the iFolder client can automatically update data to the 
iFolder server, where it immediately becomes available for an organization’s regular network 
backup operations. 


iFolder makes it easier for IT managers to ensure that all of an organization’s critical data is 
protected. ¡Folder also gives Internet Service Providers (ISPs) the ability to offer a user-trusted 
backup solution for their customers’ critical business or personal data. 


B Reliable Data Security 


With Novell iFolder encryption, stored data is secure from unauthorized network access. In the 
past, executives fearing unauthorized access to sensitive data have been hesitant to store some 
confidential documents on the network. iFolder eliminates this concern, encrypting all data before 
it moves it across the Internet and stores it on the Novell iFolder server, keeping it out of the hands 
of unauthorized users. 


| Productive Mobile Users 


A Novell ¡Folder solution makes it significantly easier to support mobile users. VPN connections 
are no longer needed to deliver secure data access to mobile users. Users do not need to learn or 
perform any special procedures to access their files when working from home or on the road. 
iFolder does away with version inconsistency, making it simple for users to access the most up-to- 
date version of their documents from any connected desktop, laptop, Web browser, or handheld 
device. 


In preparation to travel or work from home, users no longer need to copy essential data to their 
laptops from various desktop and network locations. The ¡Folder client can automatically update 
users” laptops and desktops with the most current versions of their files. Even if a user loses a 
laptop, all those files can still be accessed with any computer connected to the Internet. 
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B Cross-Platform Support 


The cross-platform capabilities of Novell ¡Folder enable it to easily mesh with any organization’s 
Web infrastructure. The ¡Folder server integrates with either the Apache Web server on NetWare® 
and Linux* or the Microsoft* Internet Information Server (IIS) Web server on Windows* 2000 and 
Windows* 2003, enabling organizations to run iFolder on their preferred platforms. Additionally, 
the solution’s Lightweight Directory Access Protocol (LDAP) support for user authentication 
allows organizations to leverage Novell eDirectory™ on NetWare, Linux, and Windows 2000 
servers, or Microsoft Active Directory* on Windows 2000 and Windows 2003 servers. 


B Large-Scale Deployment 


One of the key features of iFolder is its ability to scale to a large and growing environment. You 
can install iFolder on multiple servers, allowing your iFolder environment to grow with your 
business. 


There is no practical limit to the number of iFolder servers that you can have in your iFolder 
network—a single iFolder server handles up to 10,000 user accounts, depending on the amount of 
memory available. The servers appear as a single iFolder system for management and user access. 


Because iFolder takes care of redirecting user authentication requests to the correct iFolder server, 
the login procedure is a seamless experience for the user. As your iFolder network grows, your 
management costs stay the same, because the management of all iFolder servers is centralized 
through the iFolder Management Console. 


R Simple Data and Account Management 


Novell iFolder was designed to allow for easy setup and management by IT professionals. The 
iFolder server can be managed from any location, using a standard Web browser. 


iFolder also frees IT departments from routine maintenance tasks with its automatic file updates, 
synchronization, and encryption. Also, because local files are automatically updated to the 
network, iFolder ensures that data is protected on both corporate and individual levels. 


IT managers also have the option to manage Novell iFolder accounts, using the power of Novell 
eDirectory or Microsoft Active Directory (on Windows 2000 and Windows 2003 servers only). 


R No Training Requirements 


IT personnel no longer need to condition or train users to perform special tasks to ensure the 
consistency of data stored on their laptops and on the network. With Novell iFolder, users simply 
store their files in the local iFolder directory on their PCs. Their files will be automatically updated 
to the ¡Folder server and any other workstations that they use. ¡Folder works seamlessly behind the 
scenes so users don’t even need to know it’s there. 


a Benefits of iFolder for Users 


Working in multiple locations has traditionally meant that you had to conscientiously manage file 
versions, secure data transfer, and periodic data backups for multiple workstations. Novell iFolder 
is an easy way to make sure your files are secure, accessible, and up to date. 
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With iFolder, you always have convenient and secure access to the most recent version of your 
documents. All you need is an active network or Internet connection and the Novell iFolder client 
software or a Web browser. 


Novell iFolder provides the following benefits: 


+ Guards against local data loss by automatically backing up your local files to the iFolder 
server and your multiple workstations. 


¢ Transparently updates your files to the iFolder server and your multiple workstations with the 
iFolder client. 


¢ Tracks and logs changes made while you work offline and synchronizes those changes when 
you go online. 


+ Provides access to your files on the ¡Folder server from any workstation without the ¡Folder 
client, using a Web browser. 


+ With encryption enabled, protects data as it travels across the wire and while stored on the 
iFolder server. 


+ Makes files on the ¡Folder server available for regularly scheduled data backup. 


Key Features of ¡Folder 
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Key features of Novell ¡Folder 2.1.x include the following: 


¢ Support for the following server operating systems: 


Server Operating System ¡Folder 2.1 ¡Folder 2.1.1 ¡Folder 2.1.2 ¡Folder 2.1.2 
(Bundled with (Bundled with (Bundled with 
NetWare 6.5) NetWare 6.5 Novell 


Support Pack 1) Nterprise™ 
Linux Services) 


NetWare 5.1 with Support Pack 5 Yes 


NetWare 6.0 with Support Pack 2 Yes 


Microsoft Windows 2000 Server with Yes 
Service Pack 3 or later 


Red Hat* Linux 8 Yes 

NetWare 6.5 or later Yes 

NetWare 6.5 Support Pack 1 or later Yes 

Red Hat Enterprise Linux AS Yes 
Red Hat Enterprise Linux ES Yes 
SUSE? Linux Enterprise Server 8 Yes 
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iFolder 2.1.3 iFolder 2.1.5 iFolder 2.1.5 
(Bundled with (Bundled with (Bundled with 
NetWare 6.5 SLES 9 Support NetWare 6.5 


Support Pack 2) Pack 1) Support Pack 3) 


NetWare 6.5 Support Pack 2 or 
later 


Yes 


NetWare 6.5 Support Pack 3 or 
later 


Yes 


SUSE® Linux Enterprise Server 9 


+ Support for the following LDAP systems: 


Novell eDirectory 


Yes 


Microsoft Active Directory 


iFolder 2.1 eDirectory 8.6.2 or later Windows 2000 Server Service Pack 3 or 
later 

iFolder 2.1.1 eDirectory 8.6.2 or later No 

iFolder 2.1.2 eDirectory 8.7.3 or later No 

iFolder 2.1.3 eDirectory 8.7.3 or later Windows 2000 and Windows 2003 
servers 

iFolder 2.1.5 eDirectory 8.7.3 or later No 


+ Large-scale deployment support with multiple ¡Folder servers acting as a single system. 


+ Report generator for administrators to view statistics on ¡Folder users and the ¡Folder system. 


+ Automatic upgrade from previous versions for NetWare and Windows 2000 installations in 


an eDirectory environment. 


+ Automatic synchronization of files by the ¡Folder client between the ¡Folder server and local 
workstations through a standard Internet connection. 


+ Windows Client supports, following workstation operating systems: 


+ Windows 98SE 
+ Windows 2000 Professional 


+ Windows XP Home and Professional 


¢ Linux Client supports, following workstation operating systems: 


+ Novell Linux Desktop 
+ SUSE 9.2 


+ Web browser access to ¡Folder from any workstation without an ¡Folder client. 


+ Web browser access to ¡Folder from any handheld device without an ¡Folder client. 
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+ Concurrent access to multiple ¡Folder accounts, using Novell NetDrive to map drives to the 
1Folder server. 


+ Thin-client support through Novell NetDrive for Citrix* Metaframe* servers, Windows 2000 
Terminal Server, and ZENworks® OnDemand Services. 


+ Proxy and authentication support in the ¡Folder client. 


+ File encryption across the wire and on the ¡Folder server to protect user data from 
unauthorized access. 


+ Management of ¡Folder server and accounts through a Web browser. 
¢ Ability for administrators to recover a user’s passphrase. 


¢ Ability of end user to select the location of the local iFolder directory. 


For information about key features of the iFolder client, see the Novell iFolder 2.1 User Guide. 


Novell NetDrive 


What’s New 


E What’s Next 


Novell NetDrive is a client software package that users can install on their Windows workstations. 
NetDrive allows a user to map a network drive to an iFolder server, using the iFolder protocol 
instead of the Novell Client™ or the iFolder client. 


One advantage of NetDrive is that it allows a user to be logged in to multiple iFolder accounts from 
the same workstation and at the same time. NetDrive also synchronizes the iFolder data a user 
works with between a temporary local iFolder directory and the iFolder server while the user 
works with select files. When the user logs out of NetDrive, NetDrive completes the uploads in 
progress, if any, then deletes and purges the temporary local iFolder directory and all of the files 
in it. With NetDrive, the user does not need to manually upload and download files or delete files 
from the local workstation as is required with a Web browser-based interface. 


For more information on how to install and use NetDrive on a user workstation, see the NetDrive 
documentation, located in the Novell NetDrive 4.1 User Guide. 


The Novell iFolder 2.1.5 software adds the following features: 
+ The ¡Folder Linux client allows you to access your files on Linux desktop. 


+ The ¡Folder Linux client can be downloaded from ¡Folder server page similar to Windows 
client. 


+ NetStorage is the default web client instead of Java applet. 


For information about which platforms are supported in different versions of iFolder, see 
Appendix H, “Product History of iFolder,” on page 173. 


For a description of how ¡Folder works, see Chapter 2, “Understanding the Novell ¡Folder 
Architecture,” on page 19. 


For instructions on how to install and configure (Folder. begin with Chapter 3, “Preparing to Install 
¡Folder 2.1,” on page 23. 
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Understanding the Novell iFolder Architecture 


Novell® iFolder® 2.1 lets users manage files automatically. No matter where users choose to work, 
iFolder does all the file management for them. This means that even though users are working 
locally, all of their data is being securely uploaded and saved to the network. This data protection 
is automatic, secure, and transparent to users. 


There are three pieces to Novell iFolder: the iFolder server software, the iFolder client software, 
the iFolder Java* applet, and the Novell NetStorage. These pieces work together seamlessly to 
provide users with instant access to any iFolder files stored on their hard drives from anywhere in 
the world. 


Figure 1 illustrates how the Novell ¡Folder server is accessed from different computers or 
locations. The iFolder server and storage component are central to the several access options. 


For example, John authenticates to the iFolder server, using LDAPv3. John can access his iFolder 
data from home, work, or through a browser. When he works on a local computer, John is 
accessing his data locally. The iFolder server is responsible for making sure that all of John’s 
computers have the latest version of his data. If he accesses his account through a browser, John is 
actually looking at the data that is stored on the iFolder server. 


Figure 1 Typical iFolder Deployment Scenario 
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For information on the different access methods to use when accessing ¡Folder data, see the Novell 
¡Folder 2.1 User Guide. 
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For information about synchronization, see “Authentication and Synchronization” on page 21. 


Large-Scale Deployment 


One of the key features of iFolder is its ability to scale to a large and growing environment. You 
can install iFolder on multiple servers, allowing your iFolder environment to grow with your 
business. 


There is no practical limit to the number of iFolder servers that you can have in your iFolder 
network—a single iFolder server handles up to 10,000 user accounts. In turn, each of these servers 
together acts as one system. 


Because iFolder takes care of redirecting user authentication requests to the correct iFolder server, 
the login procedure is a seamless experience for the end user. Plus, as your iFolder network grows, 
your management costs stay the same, because the management of all iFolder servers is centralized 
through the iFolder Management Console. 


Web Servers and iFolder 


The iFolder server software uses Apache as its default Web server for NetWare® and Linux server 
operating systems. On Windows 2000 and Windows 2003, ¡Folder uses the IIS Web server. 


For NetWare servers with Apache-based solutions, when iFolder is active, it can run in the 
operating system space or in protected memory space. Because iFolder requires some 
configuration changes to Apache-specific files, we recommend that you install iFolder on a server 
that does not have other applications that rely on Apache. 


If you do have other applications that use Apache, these applications might not work after you 
install iFolder. Check the port settings of the other applications to resolve any conflicts. 


LDAP and iFolder 


LDAP is a directory protocol that enables you to communicate with servers that use a directory 
service. 


iFolder uses LDAP for user authentication. It uses Novell eDirectory™ or Microsoft Active 
Directory (for Windows 2000 and Windows 2003) as a central location for all of its LDAP objects 
that are specific to iFolder. 


You can have iFolder and LDAP running on the same server or on different servers, but they must 
exist in the same tree. 


LDAP Directories 


iFolder uses two different types of LDAP directories: the Global Settings LDAP directory and the 
User LDAP directory. 


The Global Settings LDAP directory stores information about the iFolder system configuration 
and has ¡Folder Settings, iFolder Server, and LDAP Server objects. (For more information on these 
objects, see “Logging In to the iFolder Management Console” on page 90.) 


The User LDAP directory authenticates iFolder users and adds the iFolder Server Name and the 
Disk Quota attribute to User objects. You must enable User objects for iFolder services in the 
iFolder Management Console before users can create their iFolder accounts. 
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Regardless of how many iFolder servers you have, you have only one Global Setting LDAP. 
However, you can have up to eight User LDAP directories. Multiple LDAP directories benefit 
companies whose User objects are already divided into different LDAP directories. 


For example, if you have an LDAP directory for all of your vendors, another for your full-time 
employees, and another for your temporary hires, you can set up three User LDAP directories in 
iFolder to handle the iFolder accounts for each directory. This way, you can maintain your current 
organization and group management. For information, see “Managing User LDAP Servers” on 
page 123. 


Authentication and Synchronization 


When a user logs in, the ¡Folder client authenticates to the ¡Folder server by sending the encrypted 
username and password through an Internet connection to the iFolder server. The iFolder server 
uses this information to verify that the user exists, and then checks to see if the User object has 
been enabled in the iFolder Management Console to use iFolder. 


After the User object has been enabled, a user’s iFolder account must be initialized on the iFolder 
server before the user can begin using iFolder on his or her local workstation. An iFolder account 
is initialized the first time a user logs in to the iFolder server with the iFolder client or with the 
iFolder Java applet. After the user account is created, the administrator can manage the account 
via the iFolder Management Console. 


After the first login, a user can begin to add files to the local iFolder directory and automatic 
synchronization begins. The iFolder client is always aware of any local activity and, based on the 
synchronization preferences chosen by you or the user, the iFolder client regularly asks the iFolder 
server for a download of any new data. After the iFolder server downloads the data, it uploads any 
updates from the iFolder local directory. When the user access his account from a different 
computer, the iFolder server first downloads any updates before uploading the iFolder client 
changes. 


For More Information 


For a more technical description of how iFolder works, see Appendix A, “In-Depth Look at 
Authentication, Encryption, and Synchronization,” on page 141. 
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E Preparing to Install ¡Folder 2.1 


Before installing the standalone release of Novell® iFolder® 2.1 server software on your enterprise 
server, prepare your network resources. Make sure you understand your installation or upgrade 
scenario and meet the prerequisites for that scenario. 


+ “Installation Scenarios for ¡Folder 2.1” on page 23 

+ “Installation Scenarios for ¡Folder 2.1.x” on page 24 
+ “Upgrade Scenarios for iFolder” on page 26 

¢ “Prerequisites for ¡Folder 2.1” on page 26 

¢ “Prerequisites for ¡Folder 2.1.x” on page 30 

¢ “Download Instructions for iFolder 2.1” on page 30 


+ “What's Next” on page 31 


B Installation Scenarios for ¡Folder 2.1 
The standalone version of Novell ¡Folder 2.1 server software supports the following server 
operating systems: 
+ Novell NetWare® 5.1 Support Pack 5 or later 
+ Novell NetWare 6.0 Support Pack 2 or later 
+ Windows 2000 Service Pack 3 or later 
i + Red Hat Linux 8 


Novell iFolder requires that you have an LDAP server that is active, synchronized, and working 
properly. Your LDAP server must be in the same tree as your iFolder server. You can point to the 
LDAP master server or to a replica. 


iFolder 2.1 supports Novell eDirectory™ for the supported versions of NetWare, Windows, and 
Linux. It extends the cross-platform interoperability to include support for Microsoft Active 
Directory for Windows 2000 Service Pack 3 or later server operating environments. Previous 
versions of iFolder were interoperable with only eDirectory. 


Novell iFolder 2.1 supports four installation scenarios: 


Hi Server Operating System Web Server LDAP Server 

ul NetWare Apache 1.3.26 or 1.3.27 eDirectory 

Hi Windows 2000 IIS eDirectory 

o] Windows 2000 IIS Active Directory 
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Server Operating System Web Server LDAP Server 


Red Hat Linux 8 Apache 2.0.43 eDirectory 
mM 


E Installation Scenarios for iFolder 2.1.x 


Novell iFolder 2.1.1 and 2.1.2 are bundled versions of iFolder 2.1. The planning, prerequisites, and 
installation instructions are integrated into the installation sequence of the product in which 
iFolder is bundled. 


The following installation scenarios exist for Novell iFolder 2.1.x. 
+ “Installing ¡Folder 2.1.1 with NetWare 6.5” on page 24 
+ “Installing ¡Folder 2.1.2 with NetWare 6.5 Support Pack 1” on page 24 
+ “Installing ¡Folder 2.1.2 with Novell Nterprise Linux Services” on page 25 
+ “Installing ¡Folder 2.1.3 with Windows 2003 Server” on page 25 
+ “Installing iFolder 2.1.5 with Open Enterprise Server” on page 25 


Installing iFolder 2.1.1 with NetWare 6.5 


As bundled with NetWare 6.5, Novell iFolder 2.1.1 supports one basic installation scenario. 


BB Server Operating System Web Server LDAP Server 


Hi NetWare 6.5 Apache 2.0.43 eDirectory 8.6.2 or later 


The instructions in this guide do not apply when installing iFolder 2.1.1 with NetWare 6.5. Please 
follow the prerequisite and installation instructions provided in the NetWare 6.5 Overview and 
Installation Guide. 


For instructions on managing your iFolder 2.1.1 server, please refer to Chapter 11, “Using the 
iFolder Management Console to Configure Your iFolder System,” on page 85. 


B Installing iFolder 2.1.2 with NetWare 6.5 Support Pack 1 


As bundled with NetWare 6.5 Support Pack 1, Novell iFolder 2.1.2 supports one basic installation 


scenario. 
gE Server Operating System Web Server LDAP Server 
Hi NetWare 6.5 Support Pack 1 Apache 2.0.43 eDirectory 8.7.3 


The instructions in this guide do not apply when installing iFolder 2.1.2 with NetWare 6.5 Support 
Pack 1. Please follow the prerequisite and installation instructions provided in the NetWare 6.5 
Overview and Installation Guide. 


For instructions on managing your iFolder 2.1.2 server, please refer to Chapter 11, “Using the 
iFolder Management Console to Configure Your iFolder System,” on page 85. 
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Installing iFolder 2.1.2 with Novell Nterprise Linux Services 


As bundled with the Novell Nterprise™ Linux Services 1.0 and later, Novell iFolder 2.1.2 supports 
three basic installation scenarios. 


Server Operating System Web Server LDAP Server 

Red Hat Enterprise Linux AS 2.1 Apache 2.0.48 eDirectory 8.7.3 
Red Hat Enterprise Linux ES 2.1 Apache 2.0.48 eDirectory 8.7.3 
SUSE® Linux Enterprise Server 8 Apache 2.0.48 eDirectory 8.7.3 


The instructions in this guide do not apply when installing iFolder 2.1.2 with Novell Nterprise 
Linux Services. Please follow the prerequisite and installation instructions provided in the Novell 
Nterprise Linux Services Installation Guide. 


For instructions on managing your iFolder 2.1.2 server, please refer to Chapter 11, “Using the 
iFolder Management Console to Configure Your iFolder System,” on page 85. 


Installing iFolder 2.1.3 with Windows 2003 Server 


Novell iFolder 2.1.3 supports two basic installation scenarios. 


Server Operating System Web Server LDAP Server 
Windows 2003 Server IIS 6.0 eDirectory 
Windows 2003 Server IIS 6.0 Active Directory 


Please follow the prerequisite and installation instructions provided in the Chapter 8, “Installing 
¡Folder 2.1.3 on Windows 2003 and Windows 2000 Server,” on page 57. 


For instructions on managing your ¡Folder 2.1.3 server, please refer to Chapter 11, “Using the 
¡Folder Management Console to Configure Your ¡Folder System,” on page 85. 


Installing ¡Folder 2.1.5 with Open Enterprise Server 


As bundled with the Open Enterprise Server, Novell iFolder 2.1.5 supports two basic installation 
scenarios. 


Server Operating System Web Server LDAP Server 
NetWare 6.5 SP3 Apache 2.0.52 eDirectory 8.7.3 
SuSE Linux Enterprise Server 9 SP1 Apache 2.0.49 eDirectory 8.7.3 


The instructions in this guide do not apply when installing iFolder 2.1.5 with Open Enterprise 
Server. Please follow the prerequisite and installation instructions provided in the Novell Nterprise 
Linux Services Installation Guide. 


For instructions on managing your ¡Folder 2.1.5 server, please refer to Chapter 11, “Using the 
¡Folder Management Console to Configure Your ¡Folder System,” on page 85. 
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Upgrade Scenarios for iFolder 


Novell iFolder 2.1 supports automatic upgrades from previous versions of iFolder as noted in the 
table below. You can uninstall your current version of iFolder, then install iFolder 2.1 if you do not 
want to retain the current settings for the product. For Red Hat Linux, you must uninstall, then 
install iFolder 2.1; automatic upgrade is not supported. 


Server Operating System and LDAP Service Preexisting iFolder Version Automatic Upgrade1 Uninstall + Install1 
to iFolder iFolder 
NetWare with eDirectory Standard Edition 2.1 2.1 
2.0 Professional Edition 2.1 2.1 
2.1 2.1.1 or 2.1.2 2.1.1 or 2.1.2 
2.1.1 2.1.2 2.1.2 
2.1.2 2.1.3 2.1.3 
2.1.3 2.1.5 2.1.5 
Windows 2000 with eDirectory Standard Edition 2.1 2.1 
2.0 Professional Edition 2.1 2.1 
Windows 2000 with Active Directory None No No 
Windows NT 4 with eDirectory Standard Edition No No 
2.0 Professional Edition No No 
Red Hat Linux with eDirectory 2.0 Professional Edition No 2.1 
Red Hat Enterprise Linux AS with eDirectory None No No 
Red Hat Enterprise Linux ES with eDirectory None No No 
SUSE Linux Enterprise Server 8 with eDirectory None No No 
Solaris with eDirectory 2.0 Professional Edition No No 


1 Update your platform to the supported versions of the operating system and LDAP service. 


Prerequisites for iFolder 2.1 
Before you install iFolder 2.1 on your enterprise server, make sure you meet the following 
prerequisites for your server platform: 
+ “Prerequisites for All iFolder 2.1 Servers” on page 27 
+ “Prerequisites for NetWare Servers for ¡Folder 2.1” on page 27 
+ “Prerequisites for Windows 2000 Servers for ¡Folder 2.1” on page 28 


+ “Prerequisites for Linux Servers for ¡Folder 2.1” on page 29 
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B Prerequisites for All iFolder 2.1 Servers 


Before you install Novell ¡Folder 2.1, make sure your server and enterprise network environment 
meet all of the following prerequisites. See “Installation Scenarios for ¡Folder 2.1” on page 23 for 
the server environment scenarios. 


U Configure an enterprise server with the following components: 
+ Minimum 450 MHz Intel* Pentium* IT processor. 


+ Minimum 512 MB RAM. Add more RAM if the server supports programs or services 
other than iFolder. Add more RAM according to how many concurrent connections you 
intend to support. 


+ Storage capacity for server software (about 15 MB) plus the user data for all the users” 
¡Folder accounts. 


As a guide, consider the expected number of users and the quota of storage allotted for 
each ¡Folder user account. Also, consider the likely growth associated with each of the 
parameters to anticipate future demand for storage. 


For example, if you have 500 users and allocate a disk quota of 200 MB to each user, you 
must provide at least 100 GB of storage for iFolder accounts. Of course, not all users will 
fill their quota immediately. You must assess your initial needs, then monitor and expand 
physical capacity as usage grows. 


+ Anactive network or Internet connection with full two-way access to other computers on 
the network or Internet, or both, depending on your deployment 


Q) Install your preferred server operating system, including current service packs and patches. 


Q) Install and configure Apache Web Server or IIS Server software on your server. Get an SSL 
certificate and install it onto your iFolder server. 


Q) Install and configure your Novell eDirectory or Microsoft Active Directory LDAP server, 
including current service packs and patches. Make sure that your LDAP server is active, 
synchronized, and working properly. 


O Make sure the DNS name and IP address of the enterprise server you want to use as your 
¡Folder server are listed on the DNS server. The IP address must be unique within your 
network environment. 


U To extend the schema for your LDAP server, you must have the appropriate rights or 
credentials to the root of the tree where you plan to install the ¡Folder server in your network. 


B Prerequisites for NetWare Servers for ¡Folder 2.1 


Before you install Novell ¡Folder 2.1, make sure your NetWare server and enterprise network 
environment meet all of the following prerequisites. See “Prerequisites for All iFolder 2.1 Servers” 
on page 27 for additional requirements. 


Q) Install and configure Novell NetWare 5.1 Support Pack 5 or NetWare 6.0 Support Pack 2 on 
your ¡Folder server. 


Q) Install Novell eDirectory 8.6.2 or later as your LDAP server. Make sure it is active, 
synchronized, and working properly. 


Your LDAP server and iFolder server can reside on the same machine or different machines. 


U Create a storage volume accessible from the NetWare server where you want to store the user 
data for the ¡Folder accounts. 


Preparing to Install ¡Folder 2.1 27 


Novell Confidential Manual (99a) 21 December 2004 


It is standard practice to store user data on a volume other than the sys: volume on the NetWare 
server. Storage solutions can include any NSS volume options supported by NetWare, 
including direct attached storage and storage area networks. 


A Install and configure a Windows 98SE or NT 4, 2000 Professional, or XP Professional 
workstation. 


You will use the workstation to install the iFolder software on your NetWare server across an 
active network connection. 


Q) Install TE 5.0 or later on your installation workstation. 


Q Ifthe NetWare server where you will be installing ¡Folder is not configured to use the CIFS 
(Common Internet File Services) protocol, install the Novell Client™ on your installation 
workstation. 


You can download a current version of the Novell Client at the Novell Product Downloads 
Web site (http://download.novell.com). 


Q) Install Apache Web Server 1.3.26 or 1.3.27. 


With iFolder 2.1 for NetWare 5.1 Support Pack 5 and NetWare 6.0 Support Pack 2 servers, 
you must use Apache Web Server 1.3.26 or 1.3.27. If you use another version of Apache, 
iFolder does not work as designed. 


A binary distribution of Apache Web Server 1.3.27 was made available with NetWare 6.0 
Support Pack 2 on the Netware 6 Support Pack 2 Overlay CD. These versions might already 
be installed on your NetWare 6.0 servers. 


For NetWare 6.0 servers, upgrade to Support Pack 2, then reinstall the original Apache 1.3.27 
binary distribution. Do not install ¡Folder on an upgraded version of Apache other than 
Apache 1.3.27. 


For NetWare 5.1 Support Pack 5 servers, download NetWare 6.0 Support Pack 2 or the 
NetWare 6.0 Support Pack 2 Overlay CD, then extract the contents to a temporary location. 
Locate the Products/Novonyx/aapache.zip file, which contains the binary distribution of 
Apache Web Server 1.3.27, extract the contents of the aapache.zip file to a temporary 
directory, then copy the contents of the temporary directory to the sys:\apache directory on 
your NetWare 5.1 server. 


B Prerequisites for Windows 2000 Servers for ¡Folder 2.1 
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Before you install Novell iFolder 2.1, make sure your Windows 2000 server and enterprise 
network environment meet all of the following prerequisites. See “Prerequisites for All iFolder 2.1 
Servers” on page 27 for additional requirements. 


A Install Windows 2000 Service Pack 3, including all patches. 


U Create a storage volume accessible from the Windows server where you want to store the user 
data for the iFolder accounts. 


It is standard practice to store user data on a volume other than the system volume. Storage 
solutions can include any volume options supported by Windows, including direct attached 
storage and storage area networks. 


Q) Install Novell eDirectory 8.6.2 or later or install Microsoft Active Directory (from Windows 
2000 Server with Service Pack 3 or later) as your LDAP server. Make sure it is active, 
synchronized, and working properly. 
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Your LDAP server and your ¡Folder server can reside on the same machine or on different 
machines. 


If you use Active Directory as your LDAP server, you must meet these additional 
requirements: 


¢ In Active Directory environments, if you have shared schema domain controllers, all 
must be active and synchronized to enable the schema extension during the iFolder 
installation. 


+ You must have the necessary rights to extend the Active Directory schema. During a 
Complete install, iFolder extends the schema. Alternately, you can run the install to 
extend the schema independently, using the Extend Schema Only option. 


Install and configure IIS Server on the ¡Folder server, including service packs and patches. 
Get an SSL certificate and install it onto your iFolder server, using one of these methods: 


+ If you have your own certificate server, such as Novell Certificate Server, then you can 
get a certificate from your server. 


+ You can go to a certificate vendor, such as Entrust* or VeriSign*, and purchase a 
certificate. 


For more information on creating and installing SSL certificates: 


¢ For IIS 4, refer to the Microsoft Product Support Services Web site (http:// 
support.microsoft.com/kb/q228991/) 


¢ For IIS 5, refer to the Microsoft Product Support Services Web site (http:// 
support.microsoft.com/support/kb/articles/Q228/8/36.ASP) 


+ For IIS 6, refer to the Microsoft TechNet Web site (http://www.microsoft.com/technet/ 
prodtechnol/WindowsServer2003/Library/IIS/89c7ef2f-f7d6-483c-8b08- 
ae0c6584dd4d.mspx) 


Install Internet Explorer (IE) 5.0 or later on your server. 


B Prerequisites for Linux Servers for ¡Folder 2.1 


Before you install Novell iFolder 2.1, make sure your Linux server and enterprise network 
environment meet all of the following prerequisites. See “Prerequisites for All iFolder 2.1 Servers” 
on page 27 for additional requirements. 


a 


a 


Install and configure Red Hat Linux 8 server on your ¡Folder server, including all service 
packs and patches. 


Create a storage volume accessible from the Linux server where you want to store the user 
data for the ¡Folder accounts. 


It is standard practice to store user data on a volume other than the system volume. Storage 
solutions can include any volume options supported by Red Hat Linux, including direct 
attached storage and storage area networks. 


Install Novell eDirectory as your LDAP server. Make sure it is active, synchronized, and 
working properly. 


Your LDAP server and ¡Folder server can reside on the same machine. 


Install Apache Web Server 2.0.43 or later on your Linux server. For information, see 
“Installing Apache 2.0.43 on Red Hat Linux 8” on page 47. 
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Q) If you plan to use SSL mode for iFolder, set up a self-signed root certificate so that Apache 
will run in SSL mode. 


Q) Install Internet Explorer (IE) 5.0 or later on the Windows workstation that you will use for 
iFolder server administration. 


Prerequisites for iFolder 2.1.x 


For prerequisite and installation instructions for ¡Folder 2.1.x server, see the installation guide of 
the product in which iFolder is bundled. Use the table below to determine which installation guide 
applies to your version of iFolder 2.1.x. 


If You Have This Version of iFolder Bundled with This Product Then Refer To 

iFolder 2.1.1 NetWare 6.5 NetWare 6.5 Overview and Installation Guide 

iFolder 2.1.2 NetWare 6.5 Support Pack 1 NetWare 6.5 Overview and Installation Guide 

iFolder 2.1.2 Novell Nterprise™ Linux Services Novell Nterprise Linux Services Installation 

Guide 

iFolder 2.1.2 Novell Nterprise Linux Services Support Novell Nterprise Linux Services Installation 
Pack 1 Guide 

iFolder 2.1.3 NetWare 6.5 Support Pack 2 NetWare 6.5 Overview and Installation Guide 

iFolder 2.1.5 NetWare 6.5 Support Pack 3 (OES for NetWare 6.5 Overview and Installation Guide 
NetWare) 

iFolder 2.1.5 OES for Linux OES for Linux (http://www.novell.com/ 


documentation/oes/index.html?page=/ 
documentation/oes/install_linux/data/ 
btejmd5.html#btejmd5) 


Download Instructions for iFolder 2.1 


After you meet all the general prerequisites and server-specific prerequisites for your preferred 
server configuration, you are ready to download the Novell iFolder 2.1 server installation program 
and your preferred LDAP server software. 


+ “Downloading Novell ¡Folder 2.1” on page 30 


+ “Downloading Novell eDirectory or Microsoft Active Directory” on page 31 


Downloading Novell ¡Folder 2.1 


4 Download Novell ¡Folder 2.1 at the Novell Product Downloads Web site (http:// 
download.novell.com). 


2 Review the readme.txt file in the product. 


Remember the location ofthe downloaded program installation file; you will need it when you are 
ready to install ¡Folder server. 


If you purchased NetWare 6.5, ¡Folder 2.1.1 is available on the NetWare 6.5 CD 2 (Products). 
¡Folder 2.1.2 is available in the NetWare 6.5 Support Pack 1 build. 
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If you purchased Novell Nterprise Linux Services, iFolder 2.1.2 is available in the NNLS 
download file. 


B Downloading Novell eDirectory or Microsoft Active Directory 


Novell ¡Folder requires that you have an LDAP server that is active, synchronized, and working 
properly. ¡Folder is compatible with eDirectory and Active Directory in the configurations 
discussed in “Installation Scenarios for ¡Folder 2.1” on page 23. 

El Novell eDirectory 


Novell ¡Folder 2.1 requires Novell eDirectory 8.6.2 or later. 


To get copy of eDirectory: 
1 Download eDirectory at the Novell Download Web site (http://download.novell.com). 
2 Review the readme.txt file in the product. 
3 Obtain your license file from www.novell.com/products/edirectory/customer_license.htm 
(http://www.novell.com/products/edirectory/customer_license.htm). 
El Active Directory 


For Windows 2000 servers, ¡Folder 2.1 is compatible with both eDirectory and Microsoft Active 
Directory. If you want to use ¡Folder with Active Directory, the Active Directory software is a 
component of Windows 2000 Service Pack 3 or later server software. 


For information about Active Directory, see the Microsoft Web site (http://www.microsoft.com). 


What's Next 


Choose one of the possible installation or upgrade scenarios, then use the table below to determine 
where next to go to install iFolder: 


mM To Install This Version of iFolder On This Server Operating System Do This 


Hi iFolder 2.1 NetWare 5.1 Support Pack 5 orlateror For standalone servers, see Chapter 4, “Installing 
NetWare 6.0 Support Pack 2 or later with ¡Folder 2.1 on NetWare,” on page 33. 


Novell eDirecto 
7 For NetWare clusters, see “Configuring an iFolder 


Server Cluster on NetWare 5.1 and 6.0” on 
page 149 in Configuring iFolder on Novell Cluster 


Services. 
Hi Windows 2000 Service Pack 3 or later “Installing ¡Folder on Windows/I|S/eDirectory” on 
with Novell eDirectory page 39 
E Windows 2000 Service Pack 3 or later “Installing iFolder on Windows/I|S/Active Directory” 
with Microsoft Active Directory on page 43 
E Red Hat Linux 8 with Novell eDirectory Chapter 6, “Installing iFolder 2.1 on Red Hat Linux 
8,” on page 47 
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Do This 


For NetWare servers, see the NetWare 6.5 
Overview and Installation Guide. 


For NetWare clusters, see “Configuring an iFolder 
Server Cluster on NetWare 6.5 and Later” on 
page 151 in Configuring iFolder on Novell Cluster 
Services. 


iFolder 2.1.2 All Enterprise Linux server operating Novell Nterprise Linux Services Installation Guide 
systems supported by Novell Nterprise 
Linux Services 1.0 and later 
iFolder 2.1.3 NetWare 6.5 or later with Novell For NetWare servers, see the NetWare 6.5 
eDirectory Overview and Installation Guide. 
For NetWare clusters, see “Configuring an iFolder 
Server Cluster on NetWare 6.5 and Later” on 
page 151 in Configuring iFolder on Novell Cluster 
Services. 
Windows 2000 Service Pack 3 or later Chapter 8, “Installing ¡Folder 2.1.3 on Windows 
with Novell eDirectory 2003 and Windows 2000 Server,” on page 57 
Windows 2000 Service Pack 3 or later Chapter 8, “Installing ¡Folder 2.1.3 on Windows 
with Microsoft Active Directory 2003 and Windows 2000 Server,” on page 57 
Windows 2003 server with Novell Chapter 8, “Installing iFolder 2.1.3 on Windows 
eDirectory or Microsoft Active Directory 2003 and Windows 2000 Server,” on page 57 
Red Hat Linux 8 with Novell eDirectory Chapter 6, “Installing ¡Folder 2.1 on Red Hat Linux 
8,” on page 47 
¡Folder 2.1.5 NetWare 6.5 or later with Novell For NetWare servers, see the NetWare 6.5 


eDirectory 


Overview and Installation Guide. 


For NetWare clusters, see “Configuring an iFolder 
Server Cluster on NetWare 6.5 and Later” on 
page 151 in Configuring iFolder on Novell Cluster 
Services. 


SLES 9 with Novell eDirectory 
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Chapter 10, “Installing iFolder 2.1.5 on OES for 
Linux,” on page 77 


Upgrading from iFolder 2.0 Professional Edition to iFolder 2.1 


Upgrading from iFolder 2.0 Professional Edition to iFolder 2.1 is a straightforward process. If you 
meet the prerequisites for this upgrade path as outlined in “Upgrade Scenarios for ¡Folder” on 
page 26, use the preceding table to determine where to go for installation instructions. 


Upgrading from iFolder Standard Edition to iFolder 2.1 


Upgrading from iFolder Standard Edition to iFolder 2.1 requires special considerations before you 
upgrade. If you meet the prerequisites for this upgrade path as outlined in “Upgrade Scenarios for 
¡Folder” on page 26, follow the instructions in “Upgrading from ¡Folder Standard Edition to 

iFolder 2.1” on page 147. 
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Installing iFolder 2.1 on NetWare 


This section describes the how to install the standalone version of Novell® iFolder® 2.1 server 
software, using the following configuration: 


Server Operating System Web Server LDAP Server 


NetWare® Apache Novell eDirectory™ 


NOTE: The instructions in this section do not apply when installing iFolder 2.1.x, as bundled with Novell 
NetWare 6.5 and later. Please follow the prerequisite and installation instructions provided in the NetWare 6.5 
Overview and Installation Guide. 


For a description of known issues related to installation, see the Novell iFolder 2.1 Readme. 
The following topics are discussed: 

+ “Confirming Prerequisites” on page 33 

+ “Installing ¡Folder Server” on page 33 


+ “What's Next” on page 37 


Confirming Prerequisites 
Before you install Novell ¡Folder 2.1, make sure you have met the following prerequisites and 
download requirements: 


¢ For general ¡Folder server prerequisites, see “Prerequisites for All ¡Folder 2.1 Servers” on 
page 27. 


¢ For prerequisites specific to NetWare, see “Prerequisites for NetWare Servers for ¡Folder 2.1” 
on page 27. 


¢ For instructions for downloading Novell iFolder 2.1, see “Download Instructions for iFolder 
2.1” on page 30. 


Installing iFolder Server 
After you have met all the prerequisites for installing iFolder on NetWare, you are ready to install 
Novell iFolder 2.1. 


1 On your installation workstation, map a drive to the sys: volume on the destination server 
where you want to install the iFolder server. Map the drive, using one of these methods: 


+  Ifyouuse CIFS on the destination NetWare server, map a drive, using Windows Explorer. 


+ Ifyou do not use CIFS on the destination NetWare server, map a drive, using the Novell 
Client™. 
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Remember this drive letter; you need it in Step 6 on page 34 to enter as the installation drive 
path. 


2 On your NetWare server, you must bring the Apache Web site down to install, upgrade, repair, 
or uninstall the ¡Folder server. 


For Apache 1.3.26 and 1.3.27, enter the following command from the NetWare command 
prompt: 


nvxadmdn.ncf 


3 To start the installation, go to the temporary directory on your workstation where you saved 
the installation program, then double-click the installation program icon. 


The ¡Folder Installation Wizard opens on the desktop of your installation workstation. 
4 Do one of the following: 
+ New Installation of iFolder 2.1: Continue or Cancel the installation. 
If you click Continue, proceed to Step 5 on page 34. 


If you click Cancel, the installation program exits and ¡Folder server is not installed. You 
can restart the install at a later time. 


+ Upgrade Installation or Repair of iFolder 2.1: If you are installing ¡Folder 2.1 on an 
existing iFolder server, the Installation Wizard automatically detects it. Proceed to Step 
10 on page 36. 


5 For new ¡Folder 2.1 installations, read the End User License Agreement, then do one of the 
following: 


+ Agree (click Yes) 
The installation program proceeds. 
+ Disagree (click No) 


The installation program exits and the ¡Folder server is not installed. You can restart the 
installation at a later time. 


6 Specify the directory on the destination NetWare server where you want ¡Folder server to be 
installed. Browse to select the drive letter that you mapped in Step 1 on page 33. 


7 Configure the global settings for the eDirectory LDAP server that your ¡Folder server uses, 
then click Next. 


+ LDAP hostname or IP: Enter the DNS name (such as Idap1.your-domain-name.com) or 
IP address (such as 192.168.1.1) of the server that acts as your LDAP server. 


This might be the same server that you are configuring as your 1Folder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


+ Port: Select the port type, based your security needs, for data exchanges between your 
LDAP server and your ¡Folder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
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are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


If you use Clear Text, the LDAP Group object must be able to allow clear text 
passwords. To verify this, launch ConsoleOne®, locate the context where your server 
resides, right-click the LDAP Group object, click Parameters, and make sure the 
Allow Clear Text Passwords check box is checked. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Select SSL if you want to use SSL exchanges to provide your network with 
encryption and security when data is transferred across network connections. 


LDAP Context Where iFolder Admin User Is Located: Enter the LDAP context where 
you iFolder Admin User objects are located. For example, o=all. 


If you are entering more than one context, separate them with semicolons and with no 
spaces. For example, 


o=all;o=novell 


Do not include spaces between delimiters in the context. For example, 


o=novell; ou=users, o=novell 


8 Configure the iFolder settings for the NetWare server that will be your iFolder server, then 
click next. 


+ 


iFolder Server Host Name or IP: Enter the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as192.168.1.1) to use for your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


If you are planning to create a Novell cluster server, use the DNS name here. For 
information, see Step 1 on page 154. 


To specify a port, append the IP address of the server with a colon followed by the port 
number. For example, 192.168.1.1:80. 


iFolder Admin Names: Specify the default user ID for the iFolder administrator for this 
iFolder server. For example, 


admin 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server, using the ¡Folder Management Console. You can assign more than one user ID to 
be an iFolder administrator. If you have multiple user IDs, separate them with semicolons 
and with no spaces. For example, 


admin; jsmith;acatt 
IMPORTANT: All of the users identified here must exist in the context identified in Step 7 on 
page 34. 


Local iFolder User Database Path: Specify the path to the directory on the iFolder 
server where user data for all the iFolder accounts will be stored. For example, 

sys: \iFolder or nif-user:\iFolder, where sys: or nif-user: is the name of the preexisting 
volume and ¡Folder is the location of ¡Folder user data. 


The default location is sys:\iFolder because a sys: volume is the only NSS volume known 
to exist prior to the definition of your storage architecture solution for the NetWare server. 
By using a separate volume for user data, you can avoid filling up your sys: volume. 
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The iFolder installation creates a directory on an existing volume, but it does not create 
a new volume. You must create the alternate volume prior to installing iFolder. 
Otherwise, the installation will fail. 


Do one of the following: 


+ Specify the preexisting volume other than sys: and the directory where you want to 
store user data. For example, nif-user: \iFolder, where nif-user is the name of the 
preexisting volume and iFolder is the location of iFolder user data. 


+ Specify the default location of sys:\iFolder for now. If desired, you can change the 
location later by editing the value in the 
Apache\iFolderServer\httpd_ifolder_nw.conf file. 


9 Review the settings you provided in the previous steps. To return to previous pages and 
change the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next, then go to Step 11 on page 37. 


10 Ifa version of ¡Folder already exists on the server as identified in Step 4 on page 34, you can 
upgrade, repair, or uninstall that version. 


Do one of the following: 
+ Upgrade to iFolder 2.1: Click Upgrade/Repair, then do one of the following: 


+ Upgrade from iFolder Standard Edition: The ¡Folder Installation Wizard requests 
that you confirm the upgrade to ¡Folder 2.1. 


IMPORTANT: You might need to follow a manual upgrade process if you have a large number 
of users who have extended characters in their passphrases. You must also follow special 
precautions if you decide to concurrently use both ¡Folder 1.x and ¡Folder 2.1 systems. For 
information, see Appendix B, “Upgrading from ¡Folder Standard Edition to ¡Folder 2.1,” on 
page 147. 


To accept, click Yes. The installation continues and uses the current settings of your 
¡Folder 1.x server as the default settings for ¡Folder 2.1. ¡Folder notifies you when 
the upgrade installation is complete. User data remains untouched. 


In ¡Folder 2.1, the ¡Folder policies are stored in the iFolderSettings object in 
eDirectory™ instead of the ifolder.xml file. After the upgrade process completes, 
manually remove the ifolder.xml file from the ¡Folder data directory. By default, this 
location is sys: \ifolder\ifolder.xml. Replace sys:\ifolder with the actual path to your 
¡Folder data directory. 


+ 


Upgrade from ¡Folder 2.0 Professional Edition: The ¡Folder Installation Wizard 
requests that you confirm the upgrade to ¡Folder 2.1. 


To accept, click Yes. The installation continues and uses the current settings of your 
¡Folder 2.0 server as the default settings for ¡Folder 2.1. ¡Folder notifies you when 
the upgrade installation is complete. User data remains untouched. 


+ Decline the Upgrade: To decline, click No. Your ¡Folder server is not upgraded. 


+ Repair iFolder 2.1: The ¡Folder Installation Wizard requests that you confirm the repair 
of ¡Folder 2.1. 


To accept, click Yes. The reinstall continues and uses the current settings of your ¡Folder 
2.1 server as the default settings. ¡Folder notifies you when the repair installation is 
complete. User data remains untouched. 


To decline, click No. Your ¡Folder 2.1 server is not repaired. 
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+ Uninstall iFolder 2.1: Click Uninstall. The ¡Folder Installation Wizard requests that you 
confirm the uninstall. 


To accept, click Yes. The iFolder uninstall process stops the iFolder server and removes 
all iFolder files and settings. iFolder notifies you when the uninstall is complete. User 
data remains on the server; you must remove it manually. 


To decline, click No. iFolder will not be uninstalled. 
11 To exit the Installation Wizard, click Finish. 


12 After the software is installed or upgraded on your NetWare server, you must bring the Apache 
Web site down and up again to make the changes permanent. 


For Apache Web Server 1.3.26 and 1.3.27, at the command prompt, enter 
nvxadmdn.ncf 


Allow enough time for the Web server to shut down gracefully, then at the command prompt, 
enter 


nvxadmup.ncf 
After the server restarts, ¡Folder is active on your system. 


If this is a new installation of iFolder, continue to Step 13 on page 37. If this is an upgrade, 
your upgrade is successfully completed. 


13 If this is a new installation, you must extend the eDirectory schema before you can use the 
iFolder server. 


13a To open the ¡Folder Management Console, do one of the following: 


+ Select the Administer ¡Folder option on the last window of the ¡Folder installation 
process. 


+ Froma Web browser on your installation workstation, go to the ¡Folder Management 
Console, click File > Open, then enter the following URL: 


https://nif1.your-domain-name.com/iFolderServer/Admin 
IMPORTANT: This URL is case sensitive. 


Replace nif!.your-domain- name.com with the actual DNS name or IP address of 
your ¡Folder server. 


13b Log in to the Global Settings page. 


On successful login, ¡Folder extends the eDirectory schema. This can take several 
seconds, so expect a 10- to 30-second delay in the response. 


When the browser opens to the Global Settings General Information page, the installation 
is complete. 


Follow the instructions for configuring and managing your iFolder server in the Chapter 11, 
“Using the iFolder Management Console to Configure Your iFolder System,” on page 85. You 
must enable iFolder services for a user before the user can initialize an iFolder account. 


After you provision a user’s account for iFolder services, to initialize the iFolder account, a user 
must log in to the iFolder server, using the iFolder client, the iFolder Java applet available on the 
iFolder Web site, or NetDrive. 
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IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the iFolder client to initialize their iFolder user accounts. 


To install the ¡Folder client on workstations, follow the instructions in the ¡Folder 2.1 Quick Start 
and the Novell iFolder 2.1 User Guide, available on the Novell iFolder online documentation Web 
site (http://www.novell.com/documentation/lg/ifolder2 1/index.html). 


To install iFolder on additional servers, follow the instructions in “Configuring iFolder on 
Additional Servers” on page 98. 


For more information about known issues for iFolder servers and workstations, see the Novell 
iFolder 2.1 Readme. 
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Installing iFolder 2.1 on Windows 2000 Server 


This section describes how to install the standalone version of Novell® iFolder® 2.1 server 
software on Microsoft Windows 2000 Service Pack 3, using the following configurations: 


Server Operating System Web Server LDAP Server 
Windows 2000 IIS Novell eDirectory™ 
Windows 2000 IIS Active Directory 


For a description of known issues related to installation, see the Novell iFolder 2.1 Readme. 
See the following sections for installation and configuration information: 

+ “Confirming Prerequisites” on page 39 

+ “Installing (Folder on Windows/IS/eDirectory” on page 39 

+ “Installing ¡Folder on Windows/IIS/Active Directory” on page 43 

+ “What's Next” on page 37 


Confirming Prerequisites 


Before you install Novell iFolder, make sure you have met the following prerequisites and 
download requirements: 


¢ For general ¡Folder server prerequisites, see “Prerequisites for All iFolder 2.1 Servers” on 
page 27. 


¢ For prerequisites particular to Windows 2000 server, see “Prerequisites for Windows 2000 
Servers for ¡Folder 2.1” on page 28. 


¢ For instructions for downloading the Novell ¡Folder 2.1 installation program, see “Download 
Instructions for ¡Folder 2.1” on page 30. 


Installing ¡Folder on Windows/IIS/eDirectory 


This section describes how to install Novell iFolder, using the following configuration: 


Server Operating System Web Server LDAP Server 


Windows 2000 IIS Novell eDirectory 


After you have met the prerequisites for this configuration, you are ready to install ¡Folder. 
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4 Ifyou plan to use LDAP over SSL, locate a self-signed root certificate (rootcert.der) for your 
iFolder server. 


You can export a self-signed root certificate from your certificate server. For information, see 
your Windows 2000 Server documentation or visit the Microsoft Web site (http:// 
www.microsoft.com). 


Save the rootcert.der file to a location on the ¡Folder server or to a floppy disk. For example, 
a:\rootcert.der. Remember this location; you need it in Step 8 on page 40. 


2 If your IIS server is not currently running, start your IIS server. 


3 To start the installation, go to the temporary directory where you saved the installation 
program, then double-click the installation program icon. 


4 The ¡Folder Installation Wizard opens on your desktop. Do one of the following: 
+ New Installation ofiFolder 2.1: Select to either Continue or Cancel the installation. 
If you click Continue, proceed to Step 5 on page 40. 


If you click Cancel, the installation program exits and the ¡Folder server is not installed. 
You can restart the installation at a later time. 


+ Upgrade Installation or Repair of iFolder 2.1: If you are installing ¡Folder 2.1 on an 
existing ¡Folder server, the Installation Wizard automatically detects it. Proceed to Step 
11 on page 41. 


5 For new ¡Folder 2.1 installations, read the End User License Agreement, then do one of the 
following: 


+ Agree (click Yes) 
The installation program proceeds. 
+ Disagree (click No) 


The installation program exits and the ¡Folder server is not installed. You can restart the 
installation at a later time. 


6 To select Novell eDirectory as your LDAP server, click eDirectory. 


TIP: If you have an Active Directory LDAP server and want to install the ¡Folder server on a Windows 
2000 server, follow the installation procedures in “Installing ¡Folder on Windows/IIS/Active Directory” on 
page 43. 


7 Specify the directory on the destination server where you want ¡Folder server to be installed. 
Browse to select the drive letter that you mapped in Step 1 on page 40. 


8 Configure the global settings for the eDirectory LDAP server that your ¡Folder server uses, 
then click Next. 


+ LDAP Host Name or IP: Specify the DNS name (such as ldap1.your-domain- 
name.com) or IP address (such as/92.168.1.1) of the server that acts as your LDAP 
server. Replace ldap1.your-domain-name.com or 192.168. 1.1 with the actual DNS name 
or IP address of your LDAP server. 


This can be the same server that you are configuring as your ¡Folder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


+ Port: Select the port type, based your security needs, for data exchanges between your 
LDAP server and your ¡Folder server. 


Select one of the following methods: 
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+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 


Root Certificate Path: If you selected the SSL option, provide the full directory path to 
your self-signed root certificate you created or identified in Step | on page 40. 


For example, type a:\rootcert.der if you exported the certificate to a floppy disk. 


LDAP Context Where iFolder Admin User Is Located: Specify the LDAP context. 
For example, o=all. 


9 Configure the iFolder settings for the Windows 2000 server that will be your iFolder server, 
then click Next. 


+ 


iFolder Server Host Name or IP: Specify the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


iFolder Admin Names: Specify the default user ID for the iFolder administrator for this 
iFolder server. For example, admin. 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server. You can assign multiple users to be iFolder administrators. For multiple Admin 
Names, separate them with semicolons and with no spaces. For example, 


administrator;jsmith;acatt 


IMPORTANT: All of the users identified here must exist in the context identified in Step 8 on 
page 40. 


Local iFolder User Database Path: Specify the path on the iFolder server where user 
data for all the ¡Folder accounts will be stored. For example, e:\iFolder, where e: is the 
preexisting volume and iFolder is the directory. If desired, you can edit the value later in 
the Windows Registry. 


IMPORTANT: The volume you specify must already exist on the Windows server. The iFolder 
installation program does not create it for you. 


10 Review the settings you provided in the previous steps. To return to previous pages and 


change the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next. 


11 Ifa version of ¡Folder already exists on the server as identified in Step 4 on page 40, do one 


of the following: 


+ 


Upgrade to iFolder 2.1: Click Upgrade/Repair, then do one of the following: 


+ Upgrade from iFolder Standard Edition: The ¡Folder Installation Wizard requests 
that you confirm the upgrade to ¡Folder 2.1. 
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To accept, click Yes. The installation continues and uses the current settings of your 
iFolder 1.x server as the default settings for iFolder 2.1. iFolder notifies you when 
the upgrade installation is complete. User data remains untouched. 


IMPORTANT: You might need to follow a manual upgrade process if you have a large number 
of users who have extended characters in their passphrases. You must also follow special 
precautions if you decide to concurrently use both iFolder 1.0x and iFolder 2.1 systems. For 
information, see Appendix B, “Upgrading from iFolder Standard Edition to iFolder 2.1,” on 
page 147. 


To decline, click No. Your iFolder server is not upgraded. 


+ Upgrade from iFolder 2.0 Professional Edition: The ¡Folder Installation Wizard 
requests that you confirm the upgrade to iFolder 2.1. 


To accept, click Yes. The installation continues and uses the current settings of your 
iFolder 2.0 server as the default settings for iFolder 2.1. iFolder notifies you when 
the upgrade installation is complete. User data remains untouched. 


To decline, click No. Your iFolder server is not upgraded. 


+ Repair iFolder 2.1: Click Upgrade/Repair. The ¡Folder Installation Wizard requests that 
you confirm the repair of iFolder 2.1. 


To accept, click Yes. The reinstall continues and uses the current settings of your iFolder 
2.1 server as the default settings. iFolder notifies you when the repair installation is 
complete. User data remains untouched. 


To decline, click No. Your iFolder 2.1 server is not repaired. 


+ Uninstall iFolder 2.1: Click Uninstall. The ¡Folder Installation Wizard requests that you 
confirm the uninstall. 


To accept, click Yes. The ¡Folder uninstall process stops the ¡Folder server and removes 
all ¡Folder files and settings. ¡Folder notifies you when the uninstall is complete. User 
data remains on the server; you must remove it manually. 


To decline, click No. ¡Folder is not uninstalled. 
12 To exit the Installation Wizard, click Finish. 
13 Extend the eDirectory schema. 
13a Open the ¡Folder Management Console. 
Do one of the following: 
+ Select the Administer ¡Folder option on the last window of the ¡Folder installation. 


+ From a Web browser on your installation workstation, go to the ¡Folder Management 
Console by clicking File > Open, then entering the following URL: 


https://nifl.your-domain-name.com/iFolderServer/Admin 
IMPORTANT: This address is case sensitive. 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of 
your iFolder server. 


13b Click the Global Settings icon. 
13c Log in to the Global Settings page as the Admin user with schema extension privileges. 


On successful login, iFolder extends the eDirectory schema.This can take several 
seconds, so expect a 10- to 30-second delay in the response. When the browser opens to 
the Global Settings page, the installation is complete. 
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Installing ¡Folder on Windows/IIS/Active Directory 


This section describes how to install Novell iFolder, using the following configuration: 


Server Operating System Web Server LDAP Server 


Windows 2000 IIS Active Directory 


After you have met all the prerequisites for this configuration, you are ready to install Novell 
iFolder 2.1. 


4 Ifyou plan to use LDAP over SSL, locate a self-signed root certificate (rootcert.der) for your 
¡Folder server. 


You can export a self-signed root certificate from your certificate server. For information, see 
your Windows 2000 Server documentation or visit the Microsoft Web site (http:// 
www.microsoft.com). 


Save the rootcert.der file to a location on the ¡Folder server or to a floppy disk. For example, 
a:\rootcert.der. Remember this location; you need it in Step 9 on page 44. 


2 If your IIS server is not currently running, start your IIS server. 


3 To start the installation, go to the temporary directory where you saved the installation 
program, then double-click the installation program icon. 


4 The ¡Folder Installation Wizard opens on your desktop. Do one of the following: 
+ New Installation of iFolder 2.1: Continue or Cancel the installation. 
If you click Continue, proceed to Step 5 on page 43. 


If you click Cancel, the installation program exits and iFolder server is not installed. You 
can restart the install at a later time. 


+ Repair of iFolder 2.1: If you are installing ¡Folder 2.1 to repair an existing ¡Folder 
server, the Installation Wizard automatically detects it. Proceed to Step 13 on page 45. 


5 For new iFolder 2.1 installations, read the End User License Agreement, then do one of the 
following: 


+ Agree (click Yes) 
The installation program proceeds. 
+ Disagree (click No) 


The installation program exits and the iFolder server is not installed. You can restart the 
installation at a later time. 


6 To select Microsoft Active Directory as your LDAP server, click Active Directory. 


NOTE: If you have an eDirectory LDAP server and want to install the iFolder server software on a 
Windows 2000 server, follow the installation procedures in “Installing ¡Folder on Windows/IIS/eDirectory” 
on page 39. 


7 Select to extend the Active Directory schema, install iFolder, or both by selecting one of the 
following options: 


+ Complete Install: Install the ¡Folder server and extend the Active Directory schema. 


This option requires that you have the necessary credentials as the iFolder administrator 
and as the schema administrator. 
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+ Install iFolder Server Only: Install the ¡Folder server. 


Before you install iFolder server, you must extend the schema. Run the iFolder 
installation program with the appropriate schema administrator credentials and follow the 
Extend Directory Schema Only path. 


+ Extend Directory Schema Only: Extend the Active Directory schema for an LDAP 
server. 


This option only extends the schema. It does not install the iFolder server software to your 
iFolder server. Before you can use the iFolder server, you must repeat the installation with 
the appropriate iFolder administrator credentials to follow the Install iFolder Server Only 
path. 


If a secondary Active Directory LDAP server exists outside the forest where the primary 
Active Directory LDAP server is installed, you must run the iFolder installation program 
again and select this option to extend the schema for the secondary Active Directory 
LDAP server. 


8 If you chose the Complete Install or Extend Directory Schema Only options in Step 7 on 
page 43, verify your credentials to extend your Active Directory schema by specifying your 
schema administrator Distinguished Name and Password. 


¢ Distinguished Name: Type the full context, using commas with no spaces as 
deliminators. For example, type cn=administrator,cn=users,dc=your-domain- 
name,dc=com. 


+ Password: Type your schema administrator password in this case-sensitive field. 


9 Configure the global settings for your Active Directory LDAP server that your iFolder server 
uses, then click Next. 


+ LDAP Host Name: Specify the DNS name (such as /dap1.your-domain-name.com) of 
the server that acts as your LDAP server. 


Replace /dap1.your-domain-name.com with the actual DNS name of your LDAP server. 


This might be the same server that you are configuring as your iFolder server. 


IMPORTANT: The DNS name you use must already exist as an entry on your DNS server and 
point to the IP address of the destination server. 


+ Port: Select the port type, based your security needs, for data exchanges between your 
LDAP server and your iFolder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 


+ LDAP Context Where (Folder Admin User Is Located: Specify the LDAP context. 
For example, cn=administrator,cn=users,dc=your-domain-name,dc=com. 
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IMPORTANT: Make sure the first context in the list is the one that the iFolder administrator is in. 


10 Configure the iFolder settings for your iFolder server, then click Next. 


+ 


iFolder Server Host Name or IP: Enter the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


iFolder Admin Names: Specify the default user ID for the iFolder administrator for this 
iFolder server. For example, administrator. 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server, using the iFolder Management Console. You can assign more than one user ID to 
be an iFolder administrator. 


IMPORTANT: All of the users identified here must exist in the context identified in Step 9 on 
page 44. 


If you have multiple user IDs, separate them with semicolons and with no spaces. For 
example, 


administrator;jsmith;acatt 


Local iFolder User Database Path: Specify the path on the iFolder server where user 
data for all the ¡Folder accounts will be stored. For example, e:\iFolder, where e: is the 
volume and iFolder is the directory. You can edit the value later, if desired, in the 
Windows Registry. 


IMPORTANT: The volume you specify must already exist on the Windows server. The iFolder 
installation program will not create it for you dynamically. 


Install on Which ITS Web Site?: If there are multiple Web sites on your server, select 
where you want to install iFolder. 


11 Review the settings you entered in the previous steps. To return to previous pages and change 
the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next. 


12 Log in to Global Settings in the iFolder Management Console to finalize the installation. 


12a Open the iFolder Management Console. 


Do one of the following: 


+ Select the Administer ¡Folder option on the last window of the ¡Folder installation 
process. 


+ Froma Web browser on your installation workstation, go to the ¡Folder Management 
Console, click File > Open, then enter the following URL: 


https://nifl.your-domain-name.com/iFolderServer/Admin 
IMPORTANT: This address is case sensitive. 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of 
your iFolder server. 


12b Click Global Settings, then log in. 


When the browser opens to the Global Settings page, the installation is complete. 


13 Ifa version of iFolder 2.1 already exists on the server as identified in Step 4 on page 43, do 
one of the following: 
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+ Repair iFolder 2.1: Click Upgrade/Repair. The ¡Folder Installation Wizard requests that 
you confirm the repair of iFolder 2.1. 


To accept, click Yes. The reinstall continues and uses the current settings of your iFolder 
2.1 server as the default settings. iFolder notifies you when the repair installation is 
complete. User data remains untouched. 


To decline, click No. Your iFolder 2.1 server is not repaired. 


+ Uninstall iFolder 2.1: Click Uninstall. The ¡Folder Installation Wizard requests that you 
confirm the uninstall of ¡Folder 2.1. 


To accept, click Yes. The ¡Folder uninstall process stops the ¡Folder server and removes 
all ¡Folder files and settings. ¡Folder notifies you when the uninstall is complete. 


IMPORTANT: User data remains on the server; you must remove it manually. The extensions of 
the Active Directory schema also remain. 


To decline, click No. ¡Folder 2.1 is not uninstalled. 
+ Extend Directory Schema Only: Click Extend Directory Schema Only. 


Use this option to extend the schema for secondary or additional Active Directory LDAP 
servers that exist outside the forest where the primary Active Directory LDAP server is 
installed. 


To enter your schema administrator credentials, see Step 8 on page 44. 
To enter the information about your secondary LDAP server, see Step 9 on page 44. 


14 To exit the Installation Wizard, click Finish. 


What's Next 


Follow the instructions for configuring and managing your 1Folder server in the Chapter 11, 
“Using the ¡Folder Management Console to Configure Your ¡Folder System,” on page 85. 


After you provision a user's account for ¡Folder services, a user must initialize the account by 
logging in to the ¡Folder server, using the ¡Folder client, the ¡Folder Java applet available on the 
¡Folder Web site, or NetDrive to initialize an individual ¡Folder account. 


IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the ¡Folder client to initialize their ¡Folder user accounts. 


To install the ¡Folder client on your workstations, follow the instructions in the ¡Folder 2.1 Quick 
Start and the Novell ¡Folder 2.1 User Guide, available on the Novell ¡Folder online documentation 
Web site (http://www.novell.com/documentation/Ig/ifolder21/index.html). 


To install ¡Folder on additional servers, follow the instructions in “Configuring ¡Folder on 
Additional Servers” on page 98. 


For more information about known issues for ¡Folder servers and workstations, see the Novell 
¡Folder 2.1 Readme. 


For a description of known issues related to installation, see the Novell ¡Folder 2.1 Readme. 
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Installing iFolder 2.1 on Red Hat Linux 8 


This section describes the how to install the standalone version of Novell® iFolder® 2.1 server, 
using the following configuration: 


Server Operating System Web Server LDAP Server 


Red Hat Linux 8 Apache 2.0.43 Novell eDirectory™ 


NOTE: The instructions in this section do not apply when installing iFolder 2.1.2, as bundled with Novell 
Nterprise™ Linux Services. Please follow the prerequisite and installation instructions provided in the Novell 
Nterprise Linux Services Installation Guide. 


For a description of known issues related to installation, see the Novell iFolder 2.1 Readme. 


The following topics are discussed: 
+ “Installing Apache 2.0.43 on Red Hat Linux 8” on page 47 
+ “Confirming Prerequisites” on page 48 
+ “Installing ¡Folder Server, Using a GUI” on page 48 
+ “Installing iFolder Server, Using a Console” on page 51 


+ “What's Next” on page 53 


Installing Apache 2.0.43 on Red Hat Linux 8 
The ¡Folder 2.1 installation program ifolder2.1-linux.tgz includes a binary distribution of Apache 
Web Server 2.0.43. 


1 If Apache Web Server is installed on your Red Hat Linux 8 server, uninstall it by removing 
the related program files. For example, at the command prompt enter 


rm -rf /usr/local/apachex 
where apachex is the directory that contains Apache program files. 
2 Go to the directory where you downloaded the installation program ifolder2. 1-linux.tgz. 
For example, at the command prompt, enter 
cd <path to download location> 
3 To unpack the compressed TAR file, at the command prompt, enter 
tar -zxvf ifolder2.1-linux.tgz 
This creates the following directories and files: 


+  ifolder2.1-linux/ 
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+ ifolder2.1-install-linux 
¢  1folder2.1-linux/apache2-linux/ 
+ gencerts.sh 
+ httpd-2.0.43-1686-pc-linux-gnu.readme 
+ httpd-2.0.43-1686-pc-linux-gnu.tar.gz 

4 To unpack the Apache software, at the server prompt, enter 
cd ifolder2.1-linux/apache2-linux/ 
tar zxfv httpd-2.0.43-i686-pc-linux-gnu.tar.gz 

5 To install Apache 2.0.43, at the command prompt, enter 
cd httpd-2.0.43 
./install-bindist.sh 
This installs Apache 2.0.43 in /usr/local/apache2. 

6 Edit the /usr/local/apache2/conf/httpd.conf file to add the following line at the end of the file: 
include /usr/local/ifolder/Server/httpd ifolder unix.conf 
The httpd_ifolder_unix.conf file contains the ¡Folder server settings. 

7 Start Apache by doing one of the following: 

+ For clear text, at the command prompt, enter 
/usr/local/apache2/bin/apachectl start 
+ For SSL, at the command prompt, enter 


/usr/local/apache2/bin/apachectl startssl 


Confirming Prerequisites 
Before you install Novell ¡Folder 2.1, make sure you have met the following prerequisites and 
download requirements: 


U For general ¡Folder server prerequisites, see “Prerequisites for All iFolder 2.1 Servers” on 
page 27. 


U For prerequisites particular to Linux, see “Prerequisites for Linux Servers for iFolder 2.1” on 
page 29. 


Q For instructions for downloading Novell ¡Folder 2.1, see “Download Instructions for iFolder 
2.1” on page 30. 


Installing ¡Folder Server, Using a GUI 


After you have met all the prerequisites for this configuration, you are ready to install Novell 
¡Folder 2.1 on your Linux server. This procedure is for a GUI install. For a console install, see 
“Installing ¡Folder Server, Using a Console” on page 51. 


1 Go to the directory where you saved the installation program ifolder2.1-linux.tgz. 


2 To unpack the compressed TAR file, enter the following line at the command prompt: 
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tar -zxvf ifolder2.1-linux.tgz 


This creates the following directories and files: 


+ 


+ 


ifolder2.1-linux/ 
¢ ifolder2.1-install-linux 
1folder2.1-linux/apache2-linux/ 
+ gencerts.sh 
+ httpd-2.0.43-1686-pc-linux-gnu.readme 
+ httpd-2.0.43-1686-pc-linux-gnu.tar.gz 


3 To begin the iFolder installation, go to the /root/ifolder2.1-linux directory, then enter the 
following lines at the command prompt: 


cd /root/ifolder2.1-linux 


./ifolder2 .1-install-linux 


This launches a GUI install process. 


4 Read the End User License Agreement, then click one of the following: 


+ 


Accept 
Click Next. The installation process proceeds. 
Do not accept 


Click Fxit. The installation program exits and the iFolder server is not installed. You can 
restart the installation at a later time. 


5 Specify the directory location where you want to install iFolder, then click Next. The default 
path and directory is /usr/local/iFolder. 


6 Configure the global settings for your eDirectory LDAP server that your iFolder server uses. 


+ 


LDAP Host Name or IP: Specify the DNS name (such as Idap1.your-domain- 
name.com) or IP address (such as 192.168.1.1) of the server that acts as your LDAP 
server. 


For Linux, this is the same server that you are configuring as your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


Port: Select the port type, based your security needs, for data exchanges between your 
LDAP server and your iFolder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 
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Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 


+ LDAP Context Where iFolder Admin User Is Located: Specify the LDAP context. 
For example, o=a11. 


7 Configure the ¡Folder settings for your 1Folder server, then click Next. 


+ ¡Folder Server Host Name or IP: Specify the DNS name (such as nif] .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your ¡Folder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


+ ¡Folder Admin Names: Specify the default user ID for the ¡Folder administrator for this 
¡Folder server. For example, admin. 


The ¡Folder Admin Names are the users who have permission to manage the ¡Folder 
server. You can assign more than one user ID to be an ¡Folder administrator. 


IMPORTANT: All of the users identified here must exist in the context identified in Step 6 on 
page 49. 


If you have multiple user IDs, separate them with semicolons and with no spaces. For 
example, 


admin;jsmith;acatt 


+ Local (Folder User Database Path: Specify the path on the ¡Folder server where user 
data for all the ¡Folder accounts will be stored. For example, usr/local/ifolderdata. If 
desired, you can edit this value later in the usr/local/iFolderServer/ 
httpd_ifolder_unix.conf file. 


IMPORTANT: If you specify another volume name, that volume must already exist on the Linux 
server. The ¡Folder installation program will not create it for you. 


8 Review the settings you entered in the previous steps. To return to previous pages and change 
the settings, click Back and repeat the steps, as necessary. 


When you are satisfied with your settings, click Done. 


9 After the software is installed on your Linux server, you must start the Apache Web server to 
make the changes permanent. 


Do one of the following, depending on whether you selected a Clear Text port or SSL port for 
your ¡Folder server settings: 


+ Clear Text: Enter the following from the Linux command prompt: 
ulimit -n 2048 
/usr/local/apache2/bin/apachectl start 

+ SSL: Enter the following lines from the Linux command prompt: 
ulimit -n 2048 
/usr/local/apache2/bin/apachectl startssl 

10 Extend the eDirectory schema. 
10a Open the ¡Folder Management Console. 
Do one of the following: 


+ Select the Administer ¡Folder option on the last window of the ¡Folder installation. 
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+ Froma Web browser on your installation workstation, go to the ¡Folder Management 
Console, click File > Open, then enter the following URL: 


https://nif1.your-domain-name.com/iFolderServer/Admin 


IMPORTANT: This address is case sensitive. 


Replace nif!.your-domain- name.com with the actual DNS name or IP address of 
your ¡Folder server. 


10b Click the Global Settings icon. 
10c Log in to the Global Settings page as the Admin user. 


On successful login, ¡Folder extends the eDirectory schema.This can take several 
seconds, so expect a 10- to 30-second delay in the response. 


When the browser opens to the Global Settings page, the installation is complete. 


Installing ¡Folder Server, Using a Console 


After you have met all the prerequisites for this configuration, you are ready to install Novell 
¡Folder 2.1 on your Linux server. This procedure is for a console install. For a GUI install, see 
“Installing ¡Folder Server, Using a GUI” on page 48. 


1 Go to the directory where you saved the installation program ifolder2.1-linux.tgz. 
2 To unpack the compressed TAR file, enter the following line at the command prompt: 
tar -zxvf ifolder2.1-linux.tgz 
This creates the following directories and files: 
+ = ifolder2.1-linux/ 
¢ ifolder2.1-install-linux 
¢ = ifolder2.1-linux/apache2-linux/ 
+ gencerts.sh 
+ httpd-2.0.43-1686-pc-linux-gnu.readme 
+ httpd-2.0.43-1686-pc-linux-gnu.tar.gz 


3 To begin the ¡Folder installation, go to the /root/ifolder2.1-linux directory, then enter these 
lines at the command prompt: 


cd /root/ifolder2.1-linux 
./ifolder2.1-install-linux -i console 
This launches a console install process. 
4 Read the End User License Agreement, select one of the following, then press Enter: 
+ Accept 
Proceed to Step 5 on page 49. 
+ Do not accept 


The installation program exits and the iFolder server is not installed. You can restart the 
install at a later time. 
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5 Specify the directory location where you want to install iFolder, then press Enter. The default 
path and directory is /usr/local/ifolder. 


6 Complete the Web Server Information for your iFolder server. 
Ba Specify the ¡Folder server hostname or IP address, then press Enter. 


Type the DNS name (such as nifl .your-domain-name.com) or the IP address (such as 
192.168.1.1) to use for your ¡Folder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


6b Specify the HTTP and HTTPS ports to use for your ¡Folder server, then press Enter. 
7 Specify the global LDAP Settings for your eDirectory LDAP server. 
7a Specify the LDAP hostname or IP address of your LDAP server, then press Enter. 


Type the DNS name (such as Idap1.your-domain-name.com) or IP address (such as 
192.168.1.1) of the server that acts as your LDAP server. 


For Linux, this is the same server that you are configuring as your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


7b Specify the LDAP port type, based on your security needs, for data exchanges between 
the iFolder server and LDAP server, then press Enter. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections 


7c If you selected SSL as your LDAP setting in Step 7b, specify the location (full path and 
directory) of your self-signed root certificate, then press Enter. 


7d Specify the LDAP context where the ¡Folder Admin user is located, then press Enter. 
For example, o=all. 
8 Specify the iFolder Settings for your iFolder server. 
8a Type your Local ¡Folder User Database Path, then press Enter. 


This is the path on the iFolder server where user data for all the iFolder accounts will be 
stored. For example, usr/local/ifolderdata. 


IMPORTANT: If you specify another volume name, that volume must already exist on the Linux 
server. The iFolder installation program will not create it for you. 


8b Specify iFolder Admin Names, then press Enter. 


Type the default user ID for the iFolder administrator for this iFolder server. For example, 
admin. 


52 Novell iFolder 2.1 Installation and Administration Guide 


Novell Confidential 


What’s Next 


Manual (99a) 21 December 2004 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server. You can assign more than one user ID to be an iFolder administrator. 


IMPORTANT: All of the users identified here must exist in the context identified in Step 7d on 
page 52. 


If you have multiple user IDs, separate them with semicolons and with no spaces. For 
example, 


admin; jsmith;acatt 


9 After the software is installed on your Linux server, you must start the Apache Web server to 
make the changes permanent. 


Do one of the following, depending on whether you selected a Clear Text port or SSL port for 
your iFolder server settings: 


+ 


Clear Text: Enter these commands from the Linux command prompt: 
ulimit -n 2048 

/usr/local/apache2/bin/apachectl start 

SSL: Enter these commands from the Linux command prompt: 
ulimit -n 2048 

/usr/local/apache2/bin/apachectl startssl 


10 Extend the eDirectory schema. 


10a Open the iFolder Management Console. 


Do one of the following: 


+ Select the Administer ¡Folder option in the last window of the ¡Folder installation 
process. 


+ Froma Web browser on your installation workstation, go to the ¡Folder Management 
Console, click File > Open, then enter the following URL: 


https://nif1.your-domain-name.com/iFolderServer/Admin 
IMPORTANT: This address is case sensitive. 


Replace nif!.your-domain- name.com with the actual DNS name or IP address of 
your ¡Folder server. 


10b Click the Global Settings icon. 


10c Log in to the Global Settings page as the Admin user. 


On successful login, ¡Folder extends the eDirectory schema. This can take several 
seconds, so expect a 10- to 30-second delay in the response. 


When the browser opens to the Global Settings General Information page, the installation 
is complete. 


Follow the instructions for configuring and managing your iFolder server in Chapter 11, “Using 
the iFolder Management Console to Configure Your iFolder System,” on page 85. 
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After you provision a user’s account for iFolder services, to initialize an iFolder account, a user 
must log in to the ¡Folder server, using the ¡Folder client, the ¡Folder Web site Login (not the PDA 
Login), or NetDrive. 


IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the iFolder client to initialize their iFolder user accounts. 


To install the iFolder client on your workstations, follow the instructions in the iFolder 2.1 Quick 
Start and the Novell iFolder 2.1 User Guide, available on the Novell iFolder online documentation 
Web site (http://www.novell.com/documentation/lg/ifolder21/index.html). 


To install ¡Folder on additional servers, follow the instructions in “Configuring ¡Folder on 
Additional Servers” on page 98. 


For more information about known issues for ¡Folder servers and workstations, see the Novell 
¡Folder 2.1 Readme. 
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Installing iFolder 2.1.2 on Novell Nterprise Linux 
Services 


For instructions on installing Novell® iFolder® 2.1.2 on Novell Nterprise™ Linux™ Services, 
please follow the prerequisites and installation instructions provided in the Novell Nterprise Linux 
Services Installation Guide. 


As bundled with Nterprise Linux Services and later, iFolder 2.1.2 supports the following server 


configurations: 
Server Operating Systems Web Server LDAP Server 
Red Hat Enterprise Linux AS 2.1 Apache Web Server 2.0.48 Novell eDirectory™ 8.7.3 


Red Hat Enterprise Linux ES 2.1 


SUSE Linux Enterprise Server 
8.0 


For a description of known issues related to installation, see the Novell iFolder 2.1 Readme. 


What’s Next 


Follow the instructions for configuring and managing your iFolder server in Chapter 11, “Using 
the iFolder Management Console to Configure Your iFolder System,” on page 85. 


After you provision a user’s account for iFolder services, to initialize an iFolder account, a user 
must log in to the iFolder server, using the iFolder client, the iFolder Web site Login, or NetDrive. 


IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the iFolder client to initialize their iFolder user accounts. 


To install the ¡Folder client on your workstations, follow the instructions in the ¡Folder 2.1 Quick 
Start and the Novell ¡Folder 2.1 User Guide, available on the Novell iFolder online documentation 
Web site (http://www.novell.com/documentation/lg/ifolder21/index.html). 


To install ¡Folder on additional servers, follow the instructions in “Configuring ¡Folder on 
Additional Servers” on page 98. 


For more information about known issues for ¡Folder servers and workstations, see the Novell 
¡Folder 2.1 Readme. 
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Installing iFolder 2.1.3 on Windows 2003 and 
Windows 2000 Server 


This section describes how to install the standalone version of Novell® iFolder® 2.1.3 server 
software on Microsoft Windows 2003, using the following configurations: 


Server Operating System Web Server LDAP Server 

Windows 2003 IIS 6.0 Novell eDirectory™ and Active 
Directory 

Windows 2000 IIS 6.0 Novell eDirectory™ and Active 
Directory 


For more information about known issues for iFolder servers and workstations, see the Novell 
iFolder 2.1 Readme. 


See the following sections for installation and configuration information: 
+ Confirming Prerequisites (page 57) 
¢ Installing iFolder on Windows/IIS/eDirectory (page 57) 
¢ Installing iFolder on Windows/IIS/eDirectory (page 57) 
+ What's Next (page 37) 


Confirming Prerequisites 
Before you install Novell iFolder, make sure you have met the following prerequisites and 
download requirements: 

Q Windows 2003 server 

A IIS 6.0 


Q) For general iFolder server prerequisites, see “Prerequisites for All iFolder 2.1 Servers” on 
page 27. 


A For instructions for downloading the Novell iFolder 2.1 installation program, see “Download 
Instructions for iFolder 2.1” on page 30. 


Installing ¡Folder on Windows/IIS/eDirectory 


This section describes how to install Novell iFolder, using the following configuration: 
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Server Operating System Web Server LDAP Server 


Windows 2003 IIS Novell eDirectory 


After you have met the prerequisites for this configuration, you are ready to install iFolder. 


4 Ifyou plan to use LDAP over SSL, locate a self-signed root certificate (rootcert.der) for your 
iFolder server. 


You can export a self-signed root certificate from your certificate server. For information, see 
the Windows 2003 Server documentation or visit the Microsoft Web site (http:// 
www.microsoft.com). 


Save the rootcert.der file to a location on the iFolder server or to a floppy disk. For example, 
a:\rootcert.der. Remember this location; you need it in Step 8. 


2 Ifthe IIS server is not currently running, start it. 


3 To start the installation, go to the temporary directory where you saved the installation 
program, then double-click the installation program icon. 


4 The iFolder Installation Wizard opens on your desktop. Do one of the following: 
+ New Installation of iFolder 2.1: Select to either Continue or Cancel the installation. 
If you click Continue, proceed to Step 5. 


If you click Cancel, the installation program exits and the iFolder server is not installed. 
You can restart the installation at a later time. 


+ Upgrade Installation or Repair of iFolder 2.1: If you are installing ¡Folder 2.1 on an 
existing iFolder server, the Installation Wizard automatically detects it. Proceed to Step 
11 on page 60. 


5 For new iFolder 2.1 installations, read the End User License Agreement, then do one of the 
following: 


+ Agree (click Yes) 
The installation program proceeds. 
+ Disagree (click No) 


The installation program exits and the iFolder server is not installed. You can restart the 
installation at a later time. 


6 To select Novell eDirectory as your LDAP server, click eDirectory. 


TIP: If you have an Active Directory LDAP server and want to install the iFolder server on a Windows 
2003 server, follow the installation procedures in “Installing ¡Folder on Windows/IIS/Active Directory” on 
page 61. 


7 Specify the directory on the destination server where you want iFolder server to be installed. 
Browse to select the drive letter that you mapped in Step 1. 


8 Configure the global settings for the eDirectory LDAP server that your iFolder server uses, 
then click Next. 


+ LDAP Host Name or IP: Specify the DNS name (such as /dap1.your-domain- 
name.com) or IP address (such as/92.168.1.1) of the server that acts as your LDAP 
server. Replace /dap!.your-domain-name.com or 192.168.1.1 with the actual DNS name 
or IP address of your LDAP server. 
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This can be the same server that you are configuring as your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


Port: Select the port type, based on your security needs, for data exchanges between your 
LDAP server and your iFolder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 


Root Certificate Path: If you selected the SSL option, provide the full directory path to 
your self-signed root certificate you created or identified in Step | on page 58. 


For example, type a:\rootcert.der if you exported the certificate to a floppy disk. 


LDAP Context Where iFolder Admin User Is Located: Specify the LDAP context. 
For example, o=all. 


9 Configure the iFolder settings for the Windows 2003 server that will be your iFolder server, 
then click Next. 


+ 


iFolder Server Host Name or IP: Specify the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


iFolder Admin Names: Specify the default user ID for the iFolder administrator for this 
iFolder server. For example, admin. 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server. You can assign multiple users to be iFolder administrators. For multiple Admin 
Names, separate them with semicolons and with no spaces. For example, 


administrator;jsmith;acatt 


IMPORTANT: All of the users identified here must have admin privileges and must exist in the 
context identified in Step 8 on page 58. 


Local iFolder User Database Path: Specify the path on the iFolder server where user 
data for all the ¡Folder accounts will be stored. For example, e-liFolder, where e. is the 
preexisting volume and ¡Folder is the directory. If desired, you can edit the value later in 
the Windows Registry. 


IMPORTANT: The volume you specify must already exist on the Windows server. The ¡Folder 
installation program does not create it for you. 


Install on Which IIS Web Site?: If there are multiple Web sites on your server, select 
where you want to install iFolder. 
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10 Review the settings you provided in the previous steps. To return to previous pages and 
change the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next. 


11 Ifa version of ¡Folder already exists on the server as identified in Step 4 on page 58, do one 
of the following: 


+ Upgrade to iFolder 2.1: Click Upgrade/Repair, then do one of the following: 


+ Upgrade from iFolder Standard Edition: The ¡Folder Installation Wizard requests 
that you confirm the upgrade to ¡Folder 2.1. 


To accept, click Yes. The installation continues and uses the current settings of your 
¡Folder 1.x server as the default settings for ¡Folder 2.1. ¡Folder notifies you when 
the upgrade installation is complete. User data remains untouched. 


IMPORTANT: You might need to follow a manual upgrade process if you have a large number 
of users who have extended characters in their passphrases. You must also follow special 
precautions if you decide to concurrently use both ¡Folder 1.0x and ¡Folder 2.1 systems. For 
information, see Appendix B, “Upgrading from ¡Folder Standard Edition to ¡Folder 2.1,” on 
page 147. 


To decline, click No. Your ¡Folder server is not upgraded. 


+ Upgrade from ¡Folder 2.0 Professional Edition: The ¡Folder Installation Wizard 
requests that you confirm the upgrade to ¡Folder 2.1. 


To accept, click Yes. The installation continues and uses the current settings of your 
¡Folder 2.0 server as the default settings for ¡Folder 2.1. ¡Folder notifies you when 
the upgrade installation is complete. User data remains untouched. 


To decline, click No. Your ¡Folder server is not upgraded. 


+ Repair iFolder 2.1: Click Upgrade/Repair. The ¡Folder Installation Wizard requests that 
you confirm the repair of ¡Folder 2.1. 


To accept, click Yes. The reinstall continues and uses the current settings of your ¡Folder 
2.1 server as the default settings. ¡Folder notifies you when the repair installation is 
complete. User data remains untouched. 


To decline, click No. Your ¡Folder 2.1 server is not repaired. 


+ Uninstall iFolder 2.1: Click Uninstall. The ¡Folder Installation Wizard requests that you 
confirm the uninstall. 


To accept, click Yes. The ¡Folder uninstall process stops the ¡Folder services and removes 
all ¡Folder files and settings. ¡Folder notifies you when the uninstall is complete. User 
data remains on the server; you must remove it manually. 


To decline, click No. ¡Folder is not uninstalled. 
12 To exit the Installation Wizard, click Finish. 
13 Extend the eDirectory schema. 
13a Open the ¡Folder Management Console. 
Do one of the following: 
+ Select the Administer ¡Folder option on the last window of the ¡Folder installation. 


+ From a Web browser on your installation workstation, go to the ¡Folder Management 
Console by clicking File > Open, then entering the following URL: 


https://nifl.your-domain-name.com/iFolderServer/Admin 
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IMPORTANT: This address is case sensitive. 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of 
your iFolder server. 


13b Click the Global Settings icon. 
13c Log in to the Global Settings page as the Admin user with schema extension privileges. 


On successful login, iFolder extends the eDirectory schema.This can take several 
seconds, so expect a 10- to 30-second delay in the response. When the browser opens to 
the Global Settings page, the installation is complete. 


Installing ¡Folder on Windows/IIS/Active Directory 


This section describes how to install Novell iFolder, using the following configuration: 


Server Operating System Web Server LDAP Server 


Windows 2003 IIS Active Directory 


After you have met all the prerequisites for this configuration, you are ready to install Novell 
iFolder 2.1. 


1 If the IIS server is not currently running, start it. 


2 To start the installation, go to the temporary directory where you saved the installation 
program, then double-click the installation program icon. 


3 The iFolder Installation Wizard opens on your desktop. Do one of the following: 


+ New Installation of iFolder 2.1: Continue or Cancel the installation. 
If you click Continue, proceed to Step 4 on page 61. 


If you click Cancel, the installation program exits and iFolder server is not installed. You 
can restart the install at a later time. 


+ Repair of iFolder 2.1: If you are installing ¡Folder 2.1 to repair an existing ¡Folder 
server, the Installation Wizard automatically detects it. Proceed to Step 12 on page 64. 


4 For new iFolder 2.1 installations, read the End User License Agreement, then do one of the 


following: 
+ Agree (click Yes) 

The installation program proceeds. 
+ Disagree (click No) 


The installation program exits and the iFolder server is not installed. You can restart the 
installation at a later time. 


5 To select Microsoft Active Directory as your LDAP server, click Active Directory. 


NOTE: If you have an eDirectory LDAP server and want to install the (Folder server software on a 
Windows 2003 server, follow the installation procedures in “Installing ¡Folder on Windows/IIS/eDirectory” 
on page 57. 


6 Select to extend the Active Directory schema, install iFolder, or both by selecting one of the 


following options: 


+ Complete Install: Install the ¡Folder server and extend the Active Directory schema. 
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This option requires that you have the necessary credentials as the iFolder administrator 
and as the schema administrator. 


+ Install iFolder Server Only: Install the ¡Folder server. 


Before you install ¡Folder server, you must extend the schema. Run the ¡Folder 
installation program with the appropriate schema administrator credentials and follow the 
Extend Directory Schema Only path. 


+ Extend Directory Schema Only: Extend the Active Directory schema for an LDAP 
server. 


This option only extends the schema. It does not install the ¡Folder server software to your 
¡Folder server. Before you can use the ¡Folder server, you must repeat the installation with 
the appropriate ¡Folder administrator credentials to follow the Install ¡Folder Server Only 
path. 


Ifa secondary Active Directory LDAP server exists outside the forest where the primary 
Active Directory LDAP server is installed, you must run the ¡Folder installation program 
again and select this option to extend the schema for the secondary Active Directory 
LDAP server. 


7 If you chose the Complete Install or Extend Directory Schema Only options in Step 6 on 
page 61, verify your credentials to extend your Active Directory schema by specifying your 
schema administrator Distinguished Name and Password. 


+ Distinguished Name: Type the full context, using commas with no spaces as 
deliminators. For example, type cn=administrator,cn=users,dc=your-domain- 
name,dc=com. 


+ Password: Type your schema administrator password in this case-sensitive field. 


8 Configure the global settings for your Active Directory LDAP server that your iFolder server 
uses, then click Next. 


+ LDAP Host Name: Specify the DNS name (such as /dap/.your-domain-name.com) of 
the server that acts as your LDAP server. 


Replace /dap!.your-domain-name.com with the actual DNS name of your LDAP server. 


This might be the same server that you are configuring as your iFolder server. 


IMPORTANT: The DNS name you use must already exist as an entry on your DNS server and 
point to the IP address of the destination server. 


+ Port: Select the port type, based on your security needs, for data exchanges between your 
LDAP server and your iFolder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 
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In Active Directory, LDAP over SSL is not enabled by default. If you select 636 as 
the LDAP port during installation, ensure that LDAP over SSL is enabled and the 
server is listening on the port. Otherwise the schema extension will fail. 


LDAP Context Where iFolder Admin User Is Located: Specify the LDAP context. 
For example, cn=administrator,cn=users,dc=your-domain-name,dc=com. 


IMPORTANT: Make sure the first context in the list is the one that the iFolder administrator is in. 


9 Configure the iFolder settings for your iFolder server, then click Next. 


+ 


iFolder Server Host Name or IP: Enter the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


iFolder Admin Names: Specify the default user ID for the iFolder administrator for this 
iFolder server. For example, administrator. 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server, using the iFolder Management Console. You can assign more than one user ID to 
be an iFolder administrator. 


IMPORTANT: All of the users identified here must exist in the context identified in Step 8 on 
page 62. 


If you have multiple user IDs, separate them with semicolons and with no spaces. For 
example, 


administrator; jsmith;acatt 


Local iFolder User Database Path: Specify the path on the iFolder server where user 
data for all the ¡Folder accounts will be stored. For example, e-liFolder, where e. is the 
volume and iF older is the directory. You can edit the value later, if desired, in the 
Windows Registry. 


IMPORTANT: The volume you specify must already exist on the Windows server. The iFolder 
installation program will not create it for you dynamically. 


Install on Which ITS Web Site?: If there are multiple Web sites on your server, select 
where you want to install iFolder. 


10 Review the settings you entered in the previous steps. To return to previous pages and change 


the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next. 


11 Log in to Global Settings in the ¡Folder Management Console to finalize the installation. 


11a Open the iFolder Management Console. 


Do one of the following: 


+ Select the Administer ¡Folder option on the last window of the ¡Folder installation 
process. 


+ Froma Web browser on your installation workstation, go to the ¡Folder Management 
Console, click File > Open, then enter the following URL: 


https://nifl.your-domain-name.com/iFolderServer/Admin 


IMPORTANT: This address is case sensitive. 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of 
your iFolder server. 
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11b Click Global Settings, then log in. 
When the browser opens to the Global Settings page, the installation is complete. 


12 Ifa version of iFolder 2.1 already exists on the server as identified in Step 3 on page 61, do 
one of the following: 


+ Repair iFolder 2.1: Click Upgrade/Repair. The ¡Folder Installation Wizard requests that 
you confirm the repair of iFolder 2.1. 


To accept, click Yes. The reinstall continues and uses the current settings of your iFolder 
2.1 server as the default settings. iFolder notifies you when the repair installation is 
complete. User data remains untouched. 


To decline, click No. Your iFolder 2.1 server is not repaired. 


+ Uninstall iFolder 2.1: Click Uninstall. The ¡Folder Installation Wizard requests that you 
confirm the uninstall of iFolder 2.1. 


To accept, click Yes. The iFolder uninstall process stops the ¡Folder server and removes 
all iFolder files and settings. iFolder notifies you when the uninstall is complete. 


IMPORTANT: User data remains on the server; you must remove it manually. The extensions of 
the Active Directory schema also remain. 


To decline, click No. iFolder 2.1 is not uninstalled. 
+ Extend Directory Schema Only: Click Extend Directory Schema Only. 


Use this option to extend the schema for secondary or additional Active Directory LDAP 
servers that exist outside the forest where the primary Active Directory LDAP server is 
installed. 


To enter your schema administrator credentials, see Step 8 on page 44. 
To enter the information about your secondary LDAP server, see Step 9 on page 44. 


13 To exit the Installation Wizard, click Finish. 


Post-Install Procedures 
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IIS 5.x has a wildcard MIME mapping that permits IIS to serve any file regardless of its extension. 
IIS 6.0 does not include this wildcard character MIME mapping and does not serve any type of 
extension that is not defined at the MimeMap node in the ITS metabase. 


For more information, see the Microsoft* Support Web Site (http://support.microsoft.com/ 
default.aspx?scid=kb;en-us;326965). 


After installing ¡Folder on IIS 6.0, you must include the MIME mapping to allow it to serve .dat 
files. To do this: 


1 Open the IIS Microsoft Management Console (MMC), right-click the update virtual directory, 
and then click Properties. 


2 Select the HTTP Headers tab > click MIME Types. 
3 Click New > In the Extension box, enable wildcard mapping by entering the following: 
x 
4 In the MIME Type box, enter the following:. 
application/octet-stream 


5 Apply the new settings, and then restart the World Wide Web Publishing Service. 
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The update directory now serves files with any file extension. 


What’s Next 


Follow the instructions for configuring and managing your ¡Folder server in the Chapter 11, 
“Using the iFolder Management Console to Configure Your iFolder System,” on page 85. 


After you provision a user’s account for iFolder services, a user must initialize the account by 
logging in to the iFolder server, using the iFolder client, the iFolder Java applet available on the 
iFolder Web site, or NetDrive to initialize an individual iFolder account. 


IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the iFolder client to initialize their iFolder user accounts. 


To install the ¡Folder client on your workstations, follow the instructions in the ¡Folder 2.1 Quick 
Start and the Novell iFolder 2.1 User Guide, available on the Novell iFolder online documentation 
Web site (http://www.novell.com/documentation/lg/ifolder21/index.html). 


To install ¡Folder on additional servers, follow the instructions in “Configuring ¡Folder on 
Additional Servers” on page 98. 
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Installing iFolder 2.1.5 on Windows 2000 and 
Windows 2003 Server 


This section describes how to install the standalone version of Novell® iFolder® 2.1.5 server 
software on Microsoft Windows 2000 and Windows 2003 server, using the following 


configurations: 
Server Operating System Web Server LDAP Server 
Windows 2000 IIS 6.0 Novell eDirectory™ and Active 
Directory 
Windows 20003 IIS 6.0 Novell eDirectory™ and Active 
Directory 


For more information about known issues for iFolder servers and workstations, see the Novell 
iFolder 2.1 Readme. 


See the following sections for installation and configuration information: 
+ “Prerequisites for Windows 2000/ Windows 2003 Servers” on page 67 
+ “Installing ¡Folder on Windows/IIS/eDirectory” on page 68 
+ “Installing ¡Folder on Windows/IIS/Active Directory” on page 71 


NOTE: Unless specifically mentioned the installation steps will be same for WIndows 2000 and WIndows 2003 
Server. 


| Prerequisites for Windows 2000/ Windows 2003 Servers 


Before you install Novell iFolder 2.1.5, make sure your Windows server and enterprise network 
environment meet all of the following prerequisites. 


A Install Windows 2000 Server SP4 or Windows 2003 (Standard or Enterprise). 


Q) Create a storage volume accessible from the Windows server where you want to store the user 
data for the iFolder accounts. 


It is standard practice to store user data on a volume other than the system volume. Storage 
solutions can include any volume options supported by Windows, including direct attached 
storage and storage area networks. 


A Install Novell eDirectory 8.7.3 or later or install Microsoft Active Directory (from Windows 
2000 Server SP 4/ Windows 2003 or later) as your LDAP server. Make sure it is active, 
synchronized, and working properly. 


Your LDAP server and your iFolder server can reside on the same machine or on different 
machines. 
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Q) If you use Active Directory as your LDAP server, you must meet these additional 
requirements: 


+ In Active Directory environments, if you have shared schema domain controllers, all 
must be active and synchronized to enable the schema extension during the iFolder 
installation. 


+ You must have the necessary rights to extend the Active Directory schema. During a 
Complete install, ¡Folder extends the schema. Alternately, you can run the install to 
extend the schema independently, using the Extend Schema Only option. 


A Install and configure IIS Server on the ¡Folder server, including service packs and patches. 
Q) Get an SSL certificate and install it onto your (Folder server, using one of these methods: 


+ If you have your own certificate server, such as Novell Certificate Server, then you can 
get a certificate from your server. 


+ You can go to a certificate vendor, such as Entrust* or VeriSign*, and purchase a 
certificate. 


For more information on creating and installing SSL certificates on your IIS Server: 


+ For IIS 4, refer to the Microsoft Product Support Services Web site (http:// 
support.microsoft.com/kb/q22899 1/) 


+ For IIS 5, refer to the Microsoft Product Support Services Web site (http:// 
support.microsoft.com/support/kb/articles/Q228/8/36.ASP) 


+ For IIS 6, refer to the Microsoft TechNet Web site (http://www.microsoft.com/technet/ 
prodtechnol/WindowsServer2003/Library/IIS/89c7ef2f-f7d6-483c-8b08- 
ae0c6584dd4d.mspx) 


U Install Internet Explorer (IE) 5.0 or later on your server. 


Installing ¡Folder on Windows/IIS/eDirectory 


This section describes how to install Novell iFolder, using the following configuration: 


Server Operating System Web Server LDATI Server 


Windows 2000 IIS Novell eDirectory 


Windows 2003 IIS Novell eDirectory 


After you have met the prerequisites for this configuration, you are ready to install iFolder. 


4 Ifyou plan to use LDAP over SSL, locate a self-signed root certificate (rootcert.der) for your 
iFolder server. 


You can export a self-signed root certificate from your certificate server. 


Save the rootcert.der file to a location on the iFolder server or to a floppy disk. For example, 
a:\rootcert.der. Remember this location; you need it in Step 8 on page 58. 


2 Ifthe IIS server is not currently running, start it. 


3 To start the installation, go to the temporary directory where you saved the installation 
program, then double-click the installation program icon. 


4 The iFolder Installation Wizard opens on your desktop. Do one of the following: 
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New Installation of iFolder 2.1.5: Select to either Continue or Cancel the installation. 
If you click Continue, proceed to Step 5 on page 58. 


If you click Cancel, the installation program exits and the iFolder server is not installed. 
You can restart the installation at a later time. 


Upgrade Installation or Repair of iFolder 2.1.5: If you are installing iFolder 2.1.5 on 
an existing iFolder server, the Installation Wizard automatically detects it. Proceed to 
Step 11 on page 60. 


5 For new iFolder 2.1.5 installations, read the End User License Agreement, then do one of the 
following: 


+ 


Agree (click Yes) 
The installation program proceeds. 
Disagree (click No) 


The installation program exits and the iFolder server is not installed. You can restart the 
installation at a later time. 


6 To select Novell eDirectory as your LDAP server, click eDirectory. 


TIP: If you have an Active Directory LDAP server and want to install the iFolder server on a Windows 
server, follow the installation procedures in “Installing ¡Folder on Windows/IIS/Active Directory” on 
page 71. 


7 Specify the directory on the destination server where you want iFolder server to be installed. 
Browse to select the drive letter that you mapped in Step | on page 58 


Configure the global settings for the eDirectory LDAP server that your iFolder server uses, 


then click Next. 


+ 


LDAP Host Name or IP: Specify the DNS name (such as /dap1.your-domain- 
name.com) or IP address (such as/92.168.1.1) of the server that acts as your LDAP 
server. Replace ldap1.your-domain-name.com or 192.168. 1.1 with the actual DNS name 
or IP address of your LDAP server. 


This can be the same server that you are configuring as your ¡Folder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


Port: Select the port type, based on your security needs, for data exchanges between your 
LDAP server and your ¡Folder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if ¡Folder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 
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+ Root Certificate Path: If you selected the SSL option, provide the full directory path to 
your self-signed root certificate you created or identified in Step | on page 58. 


For example, type a:\rootcert.der if you exported the certificate to a floppy disk. 


+ LDAP Context Where (Folder Admin User Is Located: Specify the LDAP context. 
For example, o=all. 


9 Configure the iFolder settings for the Windows server that will be your iFolder server, then 
click Next. 


+ ¡Folder Server Host Name or IP: Specify the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your iFolder server. 


IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


+ ¡Folder Admin Names: Specify the default user ID for the ¡Folder administrator for this 
¡Folder server. For example, admin. 


The ¡Folder Admin Names are the users who have permission to manage the ¡Folder 
server. You can assign multiple users to be ¡Folder administrators. For multiple Admin 
Names, separate them with semicolons and with no spaces. For example, 


administrator;jsmith;acatt 


IMPORTANT: All of the users identified here must have admin privileges and must exist in the 
context identified in Step 8 on page 58. 


+ Local iFolder User Database Path: Specify the path on the ¡Folder server where user 
data for all the ¡Folder accounts will be stored. For example, e:liFolder, where e: is the 
preexisting volume and ¡Folder is the directory. If desired, you can edit the value later in 
the Windows Registry. 


IMPORTANT: The volume you specify must already exist on the Windows server. The ¡Folder 
installation program does not create it for you. 


+ Install on Which IIS Web Site?: If there are multiple Web sites on your server, select 
where you want to install iFolder. 


10 Review the settings you provided in the previous steps. To return to previous pages and 
change the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next. 


11 Ifa version of ¡Folder already exists on the server as identified in Step 4 on page 58, do one 
of the following: 


+ Upgrade to iFolder 2.1.5: Click Upgrade/Repair, then do one of the following: 


+ Upgrade from iFolder Standard Edition: The ¡Folder Installation Wizard requests 
that you confirm the upgrade to ¡Folder 2.1.5. 


To accept, click Yes. The installation continues and uses the current settings of your 
¡Folder 1.x server as the default settings for ¡Folder 2.1.5. iFolder notifies you when 
the upgrade installation is complete. User data remains untouched. 


IMPORTANT: You might need to follow a manual upgrade process if you have a large number 
of users who have extended characters in their passphrases. You must also follow special 
precautions if you decide to concurrently use both ¡Folder 1.0x and ¡Folder 2.1 systems. For 
information, see 


To decline, click No. Your ¡Folder server is not upgraded. 
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+ Upgrade from iFolder 2.0 Professional Edition: The ¡Folder Installation Wizard 
requests that you confirm the upgrade to iFolder 2.1.5. 


To accept, click Yes. The installation continues and uses the current settings of your 
¡Folder 2.0 server as the default settings for ¡Folder 2.1. ¡Folder notifies you when 
the upgrade installation is complete. User data remains untouched. 


To decline, click No. Your iFolder server is not upgraded. 


Repair iFolder 2.1.5: Click Upgrade/Repair. The iFolder Installation Wizard requests 
that you confirm the repair of ¡Folder 2.1.5. 


To accept, click Yes. The reinstall continues and uses the current settings of your iFolder 
2.1.5 server as the default settings. iFolder notifies you when the repair installation is 
complete. User data remains untouched. 


To decline, click No. Your iFolder 2.1.5 server is not repaired. 


Uninstall iFolder 2.1.5: Click Uninstall. The iFolder Installation Wizard requests that 
you confirm the uninstall. 


To accept, click Yes. The iFolder uninstall process stops the iFolder services and removes 
all iFolder files and settings. iFolder notifies you when the uninstall is complete. User 
data remains on the server; you must remove it manually. 


To decline, click No. iFolder is not uninstalled. 


42 To exit the Installation Wizard, click Finish. 
13 Extend the eDirectory schema. 
13a Open the ¡Folder Management Console. 


Do one of the following: 
+ Select the Administer ¡Folder option on the last window of the ¡Folder installation. 


+ Froma Web browser on your installation workstation, go to the ¡Folder Management 
Console by clicking File > Open, then entering the following URL: 


https://nifl.your-domain-name.com/iFolderServer/Admin 


IMPORTANT: This address is case sensitive. 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of 
your ¡Folder server. 


13b Click the Global Settings icon. 


13c Log in to the Global Settings page as the Admin user with schema extension privileges. 


On successful login, ¡Folder extends the eDirectory schema.This can take several 
seconds, so expect a 10- to 30-second delay in the response. When the browser opens to 
the Global Settings page, the installation is complete. 


Installing ¡Folder on Windows/IIS/Active Directory 


This section describes how to install Novell iFolder, using the following configuration: 


Server Operating System Web Server LDAP Server 


Windows 2000 IIS Active Directory 
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Server Operating System Web Server LDAP Server 


Windows 2003 IIS Active Directory 


After you have met all the prerequisites for this configuration, you are ready to install Novell 
¡Folder 2.1.5. 


1 If the IIS server is not currently running, start it. 


2 To start the installation, go to the temporary directory where you saved the installation 
program, then double-click the installation program icon. 


3 The ¡Folder Installation Wizard opens on your desktop. Do one of the following: 
+ New Installation of iFolder 2.1.5: Continue or Cancel the installation. 
If you click Continue, proceed to Step 4 on page 61. 


If you click Cancel, the installation program exits and ¡Folder server is not installed. You 
can restart the install at a later time. 


+ Repair of (Folder 2.1.5: If you are installing ¡Folder 2.1.5 to repair an existing ¡Folder 
server, the Installation Wizard automatically detects it. Proceed to Step 12 on page 64. 


4 For new ¡Folder 2.1.5 installations, read the End User License Agreement, then do one of the 
following: 


+ Agree (click Yes) 
The installation program proceeds. 
+ Disagree (click No) 


The installation program exits and the ¡Folder server is not installed. You can restart the 
installation at a later time. 


5 To select Microsoft Active Directory as your LDAP server, click Active Directory. 


NOTE: If you have an eDirectory LDAP server and want to install the iFolder server software on a 
Windows server, follow the installation procedures in “Installing ¡Folder on Windows/IIS/eDirectory” on 
page 68. 


6 Select to extend the Active Directory schema, install iFolder, or both by selecting one of the 
following options: 


+ Complete Install: Install the ¡Folder server and extend the Active Directory schema. 


This option requires that you have the necessary credentials as the ¡Folder administrator 
and as the schema administrator. 


+ Install iFolder Server Only: Install the ¡Folder server. 


Before you install ¡Folder server, you must extend the schema. Run the ¡Folder 
installation program with the appropriate schema administrator credentials and follow the 
Extend Directory Schema Only path. 


+ Extend Directory Schema Only: Extend the Active Directory schema for an LDAP 
server. 


This option only extends the schema. It does not install the iFolder server software to your 
iFolder server. Before you can use the iFolder server, you must repeat the installation with 
the appropriate iFolder administrator credentials to follow the Install iFolder Server Only 
path. 
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Ifa secondary Active Directory LDAP server exists outside the forest where the primary 
Active Directory LDAP server is installed, you must run the iFolder installation program 
again and select this option to extend the schema for the secondary Active Directory 
LDAP server. 


7 If you chose the Complete Install or Extend Directory Schema Only options in Step 6 on 
page 61, verify your credentials to extend your Active Directory schema by specifying your 
schema administrator Distinguished Name and Password. 


+ 


+ 


Distinguished Name: Type the full context, using commas with no spaces as 
deliminators. For example, type cn=administrator,cn=users,dc=your-domain- 
name,dc=com. 


Password: Type your schema administrator password in this case-sensitive field. 


8 Configure the global settings for your Active Directory LDAP server that your iFolder server 
uses, then click Next. 


+ 


+ 


LDAP Host Name: Specify the DNS name (such as ldap1.your-domain-name.com) of 
the server that acts as your LDAP server. 


Replace /dap1.your-domain-name.com with the actual DNS name of your LDAP server. 


This might be the same server that you are configuring as your iFolder server. 


IMPORTANT: The DNS name you use must already exist as an entry on your DNS server and 
point to the IP address of the destination server. 


Port: Select the port type, based on your security needs, for data exchanges between your 
LDAP server and your iFolder server. 


Select one of the following methods: 


+ Clear Text: Specify any valid TCP port number to use for Clear Text exchanges. By 
default, Port 389 is used for Clear Text. 


Use Clear Text if you want to use LDAP without SSL encryption or if your LDAP 
server does not support SSL. Clear Text is also a good choice if iFolder and LDAP 
are running on the same server. Because no communication or data is being 
transferred across network connections, no encryption is necessary. 


+ SSL: Specify any valid TCP port number to use for SSL exchanges. By default, Port 
636 is used for SSL. 


Use SSL if you want to use SSL exchanges to provide your network with encryption 
and security when data is transferred across network connections. 


In Active Directory, LDAP over SSL is not enabled by default. If you select 636 as 
the LDAP port during installation, ensure that LDAP over SSL is enabled and the 
server is listening on the port. Otherwise the schema extension will fail. 


For more information on enabling LDAP over SSL, refer to the Microsoft Product 
Support Services Web site (http://support.microsoft.com/default.aspx?scid=kb;en- 
us;321051) 


LDAP Context Where iFolder Admin User Is Located: Specify the LDAP context. 
For example, cn=administrator,cn=users,dc=your-domain-name,dc=com. 


IMPORTANT: Make sure the first context in the list is the one that the ¡Folder administrator is in. 


9 Configure the ¡Folder settings for your ¡Folder server, then click Next. 


+ 


iFolder Server Host Name or IP: Enter the DNS name (such as nifl .your-domain- 
name.com) or the IP address (such as 192.168.1.1) to use for your iFolder server. 
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IMPORTANT: If you use a DNS name, that name must already exist as an entry on your DNS 
server and point to the IP address of the destination server. 


+ ¡Folder Admin Names: Specify the default user ID for the ¡Folder administrator for this 
iFolder server. For example, administrator. 


The iFolder Admin Names are the users who have permission to manage the iFolder 
server, using the ¡Folder Management Console. You can assign more than one user ID to 
be an iFolder administrator. 


IMPORTANT: All of the users identified here must exist in the context identified in Step 8 on 
page 62. 


If you have multiple user IDs, separate them with semicolons and with no spaces. For 
example, 


administrator; jsmith;acatt 


+ Local (Folder User Database Path: Specify the path on the ¡Folder server where user 
data for all the ¡Folder accounts will be stored. For example, e:\iFolder, where e: is the 
volume and ¿Folder is the directory. You can edit the value later, if desired, in the 
Windows Registry. 


IMPORTANT: The volume you specify must already exist on the Windows server. The ¡Folder 
installation program will not create it for you dynamically. 


+ Install on Which IIS Web Site?: If there are multiple Web sites on your server, select 
where you want to install iFolder. 


10 Review the settings you entered in the previous steps. To return to previous pages and change 
the settings, click Back and repeat the steps, as necessary. 


When you are done, click Next. 
11 Log in to Global Settings in the ¡Folder Management Console to finalize the installation. 
11a Open the ¡Folder Management Console. 
Do one of the following: 


+ Select the Administer ¡Folder option on the last window of the ¡Folder installation 
process. 


+ From a Web browser on your installation workstation, go to the ¡Folder Management 
Console, click File > Open, then enter the following URL: 


https://nifl.your-domain-name.com/iFolderServer/Admin 
IMPORTANT: This address is case sensitive. 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of 
your iFolder server. 


11b Click Global Settings, then log in. 
When the browser opens to the Global Settings page, the installation is complete. 


12 Ifa version of iFolder 2.1.5 already exists on the server as identified in Step 3 on page 61, do 
one of the following: 


+ Repair iFolder 2.1.5: Click Upgrade/Repair. The ¡Folder Installation Wizard requests 
that you confirm the repair of ¡Folder 2.1.5. 


To accept, click Yes. The reinstall continues and uses the current settings of your iFolder 
2.1 server as the default settings. iFolder notifies you when the repair installation is 
complete. User data remains untouched. 
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To decline, click No. Your iFolder 2.1 server is not repaired. 


Uninstall iFolder 2.1.5: Click Uninstall. The ¡Folder Installation Wizard requests that 
you confirm the uninstall of iFolder 2.1.5. 


To accept, click Yes. The iFolder uninstall process stops the ¡Folder server and removes 
all iFolder files and settings. iFolder notifies you when the uninstall is complete. 


IMPORTANT: User data remains on the server; you must remove it manually. The extensions of 
the Active Directory schema also remain. 


To decline, click No. iFolder 2.1.5 is not uninstalled. 
Extend Directory Schema Only: Click Extend Directory Schema Only. 


Use this option to extend the schema for secondary or additional Active Directory LDAP 
servers that exist outside the forest where the primary Active Directory LDAP server is 
installed. 


To enter your schema administrator credentials, see Step 7 on page 62. 


To enter the information about your secondary LDAP server, see Step 8 on page 62. 


13 To exit the Installation Wizard, click Finish. 
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Installing iFolder 2.1.5 on OES for Linux 


This section describes how to install Novell® iFolder® 2.1.5 server in Standalone and Coexistent 
modes using the following configuration: 


Server Operating System Web Server LDAP Server 


SLES 9 SP1 Apache 2.0.43 Novell eDirectory 


iFolder 2.1.5 server can now be installed in two modes: 


+ Standalone Mode: In this mode, no Apache instances run except for iFolder. ¡Folder runs on 
the wildcard address: 80 / 443. 


+ Coexistent Mode: In this mode, the ¡Folder worker thread instance and other Apache 
instances can coexist. iFolder needs to run as a separate instance on a specific IP address 
(different from the primary address of the local machine). This new address must have a DNS 
name, and should be reachable from the iFolder clients. 


For a description of known issues related to installation, see the Novell iFolder 2.1 Readme. 
Following topics are discussed in this chapter: 

+ “Confirming Prerequisites” on page 77 

+ “Configuring the ¡Folder 2.x Server Using OES YaST Install” on page 78 

+ “Manual Configuration of the ¡Folder 2.x Server for OES” on page 79 

+ “Configuring ¡Folder Server on Machine with Multiple NICs” on page 80 

+ “Configuring ¡Folder on an NSS Volume” on page 81 

+ “Uninstalling ¡Folder Server” on page 82 

+ “Accessing ¡Folder in Coexistent Mode” on page 82 

¢ “Accessing ¡Folder in Standalone Mode” on page 83 

+ “Post-Install Guidelines” on page 83 

¢ “Post Install Verification and Troubleshooting” on page 83 

¢ “¡Folder Client Features” on page 83 

+ “What's Next” on page 84 


Confirming Prerequisites 


Before installing Novell ¡Folder 2.1.5, ensure that you have met the following prerequisites and 
download requirements: 
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Q) For general (Folder server prerequisites, see “Prerequisites for All iFolder 2.1 Servers” on 
page 27. 


Q) For prerequisites specific to Linux, see “Prerequisites for iFolder 2.1.x” on page 30. 


Q) For instructions for downloading Novell ¡Folder 2.1, see “Download Instructions for iFolder 
2.1” on page 30. 


QU Ensure that the install, and upgrade of following dependent products is complete: 
+ Apache 
¢ LDAP 


+ eDirectory™ 


Configuring the iFolder 2.x Server Using OES YaST Install 


4 Open YaST. 
2 Click NetWork Services > iFolder. 


2a On the ¡Folder 2.x LDAP Server Configuration screen, select the Local System or 
Remote System option for the LDAP server, and then enter the following details: 


Directory Server Address Type the IP address of the LDAP server. 
Admin name with context Type the admin credentials of the LDAP server. 
Admin password Type the admin password of the LDAP server. 
Click Next. 


2b On the ¡Folder 2.x configuration screen, select from the following two options: 
+ ¡Folder 2 will be the only Web Application on this Server (Standalone Mode) 


If you select this option, the primary IP address of the server is used as ¡Folder 2.x 
server’s IP address. 


This option is disabled if any of the following web applications are selected: 
- Novell iManager 

- Novell eGuide 

- Novell NetStorage 

- Novell QuickFinder™ 

- Novell Virtual Office 


- Novell iPrint 


+ (default) (Folder 2 and Other Web Applications Run on this Server (Coexistent 
Mode) 


If you select this option, then ¡Folder modifies the Apache? listen.conf file to remove 
the wildcard binding to ports and replaces it with a specific IP address. 


Enter the following details: 
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IP address 


iFolder 2.x server 


netmask 


iFolder 2.x server 
DNS hostname 


iFolder 2.x server 
user data path 


Click Next. 
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Specify a second IP address (different from the primary address of the 
local machine) for the iFolder server. iFolder listens on ports 80 and 
443 of the secondary IP address. 


Specify the netmask for the iFolder 2.x server IP address. This 
netmask value should be the same as that of the primary interface IP 
address which was the default address available before installation. 
This ensures that the new address can be reached through the primary 
address interface. 


Specify the netmask for the iFolder 2.x server IP address. This 
netmask value should be the same as that of the primary interface IP 
address which was the default address available before installation. 
This ensures that the new address can be reached through the primary 
address interface. 


Specify the path for the iFolder user accounts directory. 


2c On the ¡Folder 2.x configuration screen, add ¡Folder 2.x admin users. 


2d Click Next. 


This completes the iFolder 2.x configuration. 


3 If ¡Folder is configured in Coexistent mode, configure the NetStorage component to use 
second IP address for iFolder, as specified in Coexistent mode in Step 2b. 


Manual Configuration of the iFolder 2.x Server for OES 


1 Run /opt/novell/ifolder/bin/ifolder_config.sh at the the shell prompt. 
This requires the user to input the following: 


LDAP Host Type the DNS name for the LDAP server. 


LDAP SSL Port Specify the LDAP SSL Port 


LDAP Users Context Specify the LDAP context where the iFolder Admin user is located. 


LDAP Admin DN Type the DN of the LDAP admin 
Admin Password Type the admin password of the LDAP server 
Admin Users Specify the users who have permission to manage the iFolder server 


iFolder 2.x server IP Specify the IP address of the ¡Folder 2.x server. To install in 

Address Standalone mode, enter 0.0.0.0 as the IP address. To install in 
Coexistent mode, enter a valid IP address (different from the primary 
address of the local machine). 


The following user inputs are required only if the user enters a valid IP address for iFolder 2.x 


server IP address field. 


+ ¡Folder 2.x server netmask: Type the netmask for the ¡Folder 2.x server. 
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+ ¡Folder 2.x DNS name: Type the DNS name for the ¡Folder 2.x server. 


2 After configuration is complete, and if you are not running iFolder 2.x as a standalone server, 
then you need to restart Apache2 (by running /etc /init.d/apache2 restart) 
before starting iFolder 2.x server. 


To load the ¡Folder 2.x server, run /etc/init.d/novell-ifolder start 


Configuring iFolder Server on Machine with Multiple NICs 


iFolder server is configured on a machine that has multiple NICs using the following installations: 
+ During OES Installation 


+ Post Installation 


During OES Installation 
¡Folder can be configured in two ways: 
+ Configuring ¡Folder with a New IP Address Other than the Existing NIC Card’s IP Addresses 
+ Configuring iFolder with the IP Adresses of the Existing NICs 


Configuring iFolder with a New IP Address Other than the Existing NIC Card’s IP Addresses 


On the iFolder Server Configuration screen, enter the following details: 
1 Admin credentials: On the LDAP Server Configuration screen, Click Next. 


2 iFolder 2.x Server IP Address: Type a new IP address , other than the IP addresses of the 
existing NIC cards. 


iFolder 2.x Server Subnet mask: Specify the subnet mask of the respective IP address. 
iFolder 2.x Server DNS name: Specify the DNS name of the iFolder server’s IP address. 
Click Next 


oa bh Ww 


On the iFolder 2.x configuration screen, click Next. 


This completes the configuration of the iFolder server. 


Configuring iFolder with the IP Adresses of the Existing NICs 
4 Configure the NICs with their respective IP addresses and the host name of the first NIC card. 
For example,for a server configured with three NIC cards: 
eth0 - <IP Address of NIC card I> <host1.domain1.com> 
ethl - <IP Address of NIC card 2> <host1.domain1.com> 
eth2 - <IP Address of NIC card 3> <host1.domain1.com> 
In the above example, host1.domain1.com is the common host name for all the NIC cards. 


NOTE: Check the /etc/hosts file for the short host name. The short host name should be aliased to the 
first NIC card entry only. 


2 Configure the iFolder server as follows: 


2a Admin credentials: On the Admin Credentials screen, click Next. 
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2b iFolder 2.x Server IP Address: Specify an IP address of the existing NIC cards, other than 
the IP address of the NIC card configured with DNS host name. 


2c iFolder 2.x Server Subnet mask: Type the subnet mask of the respective IP address. 


2d ¡Folder 2.x Server DNS name: Type the DNS name of the ¡Folder server’s IP address and 
click next. 


2e On the ¡Folder 2.x Configuration screen, click next. 


This completes the configuration of the iFolder server. 


To configure iFolder with a new IP address, refer to Configuring iFolder with a New IP 
Address Other than the Existing NIC Card’s IP Addresses 


To view the list of multiple interfaces, click Application Menu > YaST > Network Devices > 
Network Card 


To configure iFolder with the IP address of the existing NIC card, refer to Configuring iFolder 
with the IP Adresses of the Existing NICs 


IMPORTANT: IP addresses of the Linux server and ¡Folder server must be DNS enabled. 


Configuring iFolder on an NSS Volume 


iFolder 2.x can be configured to use the NSS volumes only in the case of post installation. iFolder 
sever is configured on NSS volume using the following installations: 


Using Local LDAP 


If you select the local LDAP host option while configuring iFolder 2.x, you need to perform the 
following steps: 


1 Run the following command at the shell prompt: 


rights -f <full path of the ifolder data directory on NSS 
volume> -r all trustee novlifdr.<local eDir admin 
context>.<local eDir tree name> 


For example: 


rights -f /media/nss/NSSVOL1/ifolderdata -r all trustee 
novlifdr.novell.MYTREE 


where /media/nss/NSSVOL1/ifolderdata is the path of the ¡Folder data directory on NSS 
volume NSSVOLI, novell is the local eDirectory admin context nd MYTREE is the local 
eDirectory tree name 


This command grants the ¡Folder instance of Apache rights to the ¡Folder data directory on 
NSS volume. 


Run the following command to restart the ¡Folder 2.x server: 


/etc/init.d/novell-ifolder restart 
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Using Remote LDAP 


If you select the local LDAP host option while configuring iFolder 2.x, you need to perform the 
following steps: 


1 Run the following command at the shell prompt: 


rights -f <path to ifolder data directory on NSS volume> -r all 
trustee novlifdr.<eDir admin context>.<eDir tree name> 


where all references to eDirectory refer to the eDirectory tree used for NSS configuration. 
For example: 


rights -f /media/nss/NSSVOL1/ifolderdata -r all trustee 
novlifdr.novell .MYTREE 


where /media/nss/NSS VOL 1/ifolderdata is the path of the ¡Folder data directory on NSS 
volume NSSVOLI, novell is the eDirectory admin context, and MYTREE is the eDir tree 
name of the tree used for NSS configuration for the server on which ¡Folder is installed. 


This command grants the iFolder instance of Apache rights to the iFolder data directory on 
NSS volume. 


2 Run the following command to restart the iFolder 2.x server: 


/etc/init.d/novell-ifolder restart 


Uninstalling iFolder Server 


1 Run the command to stop iFolder server: 
/etc/init.d/novell-ifolder stop 

2 Remove the ifolder daemon from the kernel daemon set by issuing the following command: 
/sbin/insserv -r /etc/init.d/novell-ifolder 


3 Ifthe ¡Folder server was installed in Coexistent mode, restore the Apache2 configuration file 
backed up during install, then restart Apache. 


4 Run rpm -e novell-ifolder to remove the package. 


Accessing ¡Folder in Coexistent Mode 


If iFolder 2.x server was installed in Coexistent mode, access NetStorage using the primary IP 
address of the server and access ¡Folder using the secondary IP address (the one provided in the 
¡Folder 2.x server IP address field during the ¡Folder configuration). 


For example, to access the Admin Console: 
https: //<secondary_ifolder_ ip address>/iFolderServer/Admin 
To access the ¡Folder page: 


http://<secondary_ifolder_ ip address>/iFolder 
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Accessing iFolder in Standalone Mode 


If iFolder is installed in Standalone mode, NetStorage cannot run on the same machine. The Login 
link on the main iFolder page will not work because NetStorage is not installed on the local 
machine. However, NetStorage can be installed on a separate server and can be configured to point 
to the Standalone iFolder server. 


Then the user can use https://<ip address of netstorage server >/NetStorage to access NetStorage. 


Post-Install Guidelines 


The following guidelines are not mandatory. These guidelines are required for the administrator to 
ensure that the ¡Folder configuration files are backed up and are consistent. 


+ IfiFolder server is installed in Coexistent mode, then ¡Folder install modifies the Apache 
configuration to redistribute the address configurations. We recommend that you backup the 
/etc/apache2/listen.conf file before installing iFolder 2.x server in case the administrator needs 
to revert back to the previous configuration after uninstalling iFolder. 


¢ iFolder specific_address binding creates a new IP address for the system. This is identified as 
the interface "ethn:ifdr" (where n is the interface number on which the ¡Folder 
specific_address is added ) 


Before the install, ensure that the iFolder-specific address was not previuosly configured 
through ifconfig. If the IP address is already available, then delete it by ifconfig 
ethn:ifdr down for the current session.The specific iFolder server entries are available 
in /etc/sysconfig/network/ifcfg-eth-id-"MAC ADDRESS" file. Delete all the lines containing 
the substring "ifdr". A duplication of entries is usually seen when the initial installation of 
¡Folder is incomplete and reinstalled. 


Post Install Verification and Troubleshooting 


¢ To ensure that the listeners are correctly distributed, use the following command: 
netstat -an | grep -v unix | grep ":80 " 


If iFolder is installed in Standalone mode, then you see that the iFolder instance runs on 
0.0.0.0:80, the default Apache2 instance should be terminated. If iFolder is installed in 
Coexistent mode, then the iFolder worker thread runs on specific_address:80 and Apache will 
be on other_addresses:80. 


+ Verify the new address binding using ifconfig. You will now see a new interface, ethX:ifdr, 
where X refers to a number in range 0 to n-1 and n refers to number of network interfaces. 


+ IfiFolder installation does not bring up the ¡Folder server, then you can restart the daemon 
with the following command: 


/etc/init.d/novell-ifolder restart 


¡Folder Client Features 


+ The ¡Folder client is now available on Linux desktops. The client supports SUSE? LINUX 
9.2 and Novell Linux Desktop. 


+ For more information about the install instructions and the known issues with the ¡Folder 
Linux client, refer to the Readme available with the client. 
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+ The ¡Folder Linux client has been localized. 


+ The “Download ¡Folder Linux client” link has been integrated with the NetWare and Linux 
server Web pages. 


What's Next 


Follow the instructions for configuring and managing your ¡Folder server in Chapter 11, “Using 
the ¡Folder Management Console to Configure Your iFolder System,” on page 85. 


After you provision a user’s account for iFolder services, to initialize an ¡Folder account, a user 
must log in to the ¡Folder server using the ¡Folder client, the ¡Folder Web site Login (not the PDA 
Login), or NetDrive. 


IMPORTANT: If your global client policies include any enforced or hidden settings, users must log in with the 
¡Folder client to initialize their ¡Folder user accounts. 


To install the ¡Folder client on your workstations, follow the instructions in the ¡Folder 2.1 Quick 
Start and the Novell ¡Folder 2.1 User Guide, available on the Novell ¡Folder online documentation 
Web site (http: //www.novell.com/documentation/lg/ifolder21/index.html). 


To install ¡Folder on additional servers, follow the instructions in “Configuring ¡Folder on 
Additional Servers” on page 98. 


For more information about known issues for ¡Folder servers and workstations, see the Readme 
available at Novell ¡Folder documentation Web site (http://www.novell.com/documentation/ 
ifolder21/index.html) 
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E Using the ¡Folder Management Console to 
Configure Your ¡Folder System 


The Novell® iFolder® Management Console is a Web-based, remote management tool used to 
configure global and user polices, manage user accounts, monitor performance, and generate 
reports for your iFolder system. 


This section covers the following topics for managing Novell iFolder, using the iFolder 
Management Console: 


+ “Accessing iFolder Web Interfaces” on page 85 
+ “Configuring Your First iFolder Server” on page 90 


+ “Configuring ¡Folder on Additional Servers” on page 98 


B Accessing iFolder Web Interfaces 


After iFolder has been installed on your server, you have access to two Web interfaces: the iFolder 
Management Console for administrators and the iFolder Web site for users. Novell NetStorage is 
also compatible with iFolder. You can configure NetStorage to provide access for your users to 
their iFolder data on the iFolder server, using a Web browser. 


This section describes the following topics: 
+ “The ¡Folder Management Console for Administrators” on page 85 
+ “The ¡Folder Web Site for Users” on page 86 
+ “The Novell NetStorage Interface for ¡Folder 2.1.x” on page 89 


B TheiFolder Management Console for Administrators 


The ¡Folder Management Console lets you manage your ¡Folder servers, the LDAP servers 
assigned to authenticate ¡Folder activity, and your users” ¡Folder accounts. 


To access the ¡Folder Management Console, enter the following URL into your Web browser: 
https: //nif1. your-domain-name.com/iFolderServer/Admin 
Replace nif1.your-domain-name.com with the IP address or the DNS name of your ¡Folder server. 


For more information, see “Logging In to the ¡Folder Management Console” on page 90. 
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Figure 2 iFolder Management Console 
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B The ¡Folder Web Site for Users 


86 


The ¡Folder Web site is where users can download the ¡Folder client and access their ¡Folder files 
via a Web browser, using the ¡Folder Java applet. The page contains links to do the ¡Folder client 
software for download, the Novell ¡Folder Quick Start, ¡Folder client Help, and other important 

information about Novell iFolder. You can modify this page to fit your company’s internal needs. 


To access the default ¡Folder Web site, enter the following URL into your Web browser: 
https: //nif1. your-domain-name.com/iFolder 
Replace nif1.your-domain-name.com with the IP address or the DNS name of your ¡Folder server. 


After installing the ¡Folder client on a workstation, users can reach this site by right-clicking the 
iFolder icon in the system tray, then clicking iFolder Web site. 
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Figure 3 Default iFolder Client Web Site 
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iFolder 2.1 


What is Novell iFolder? Novell iFolder is the new Net services software solution 
that allows your files to automatically follow you everywhere - online, offline, all 
the time - across multiple systems and the Net. Files saved in an iFolder are 
always available - on your hard drives or through a browser - since changes are 
automatically and intelligently updated across all your systems through any simple 
Internet connection. ¡Folder also provides worry-free security, ensuring that all 
your files are always safe, secure and up to date. Now your files can be as mobile 
as you are - at work, home or on the go. 


How to use iFolder: 

1. Download and install the ¡Folder client. 

2. Login to the ¡Folder client and configure your preferences. such as the location 
of your local ¡Folder directory. 

3. A shortcut to your ¡Folder directory is placed on the desktop. Use the shortcut 
to go ta your iFolder directory. 

4, Move your files into your ¡Folder directory. These files will then be updated to 
the ¡Folder server. 

5. Install the ¡Folder client on any other machine(s) where you want your files 


¡Folder Java Applet 


The Java applet is a simple Web-based browser that allows users to access their iFolder data on the 
server, without using the iFolder client. Users can create, upload, download, rename, and delete 


files, refresh the file listing, and log out of iFolder. In this folder view, click the plus icons to 


expand the folders. 


iFolder Java Applet is only supported with iFolder on Windows 2000 and Windows 2003 Servers. 


To access iFolder data on the server, using the Java applet in your Web browser: 


4 Go to the ¡Folder Web site. 


2 Click Login in the left navigator. 


This opens the Java applet login dialog. 


Figure 4 Java Applet Login Dialog for User File Access 


lol 
User Name: acatt 
Password: pN 
Passphrase: e] 
Server IP: [nif1.your-domair-name.com | 
Connect 


3 Type your username, password, passphrase (if needed), and ¡Folder server IP address (if 


different than the default address). 


If the ¡Folder administrator has moved your ¡Folder account to different physical ¡Folder 


server since your account was first created, replace the default address with the known one. 
Otherwise, the login fails and ¡Folder returns a message with the correct ¡Folder server IP 


address. 
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If your first login attempt fails, repeat Step 1 to Step 3 and type the new ¡Folder server IP 
address in place of the default one. 


4 Click Connect. 


Figure 5 The iFolder Java Applet Interface for User File Access 
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iFolder 2.1 HTML Interface for PDA Access 


In iFolder 2.1 only, users can access iFolder files, using the HTML interface in a Web browser: 
1 To open the HTML login page, use one of these methods: 
+ Go to the ¡Folder Web site, then click Login (PDA). 
+ Enter the following URL in a Web browser: 
https: //nifl.your-domain-name.com/iFolder/MyFiles 


Replace nif1.your-domain-name.com with the IP address or the DNS name of your 
iFolder server. 


This opens the HTML login page. 
2 Enter your username, password, and passphrase (if needed.) 
3 Click Login. 


This opens the HTML interface in your Web browser. Click the link beside the folder to 
expand the folders. Click the link beside the file to download the file to your local workstation, 
laptop, or handheld device. 
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Figure 6 The iFolder HTML Interface for User File Access 
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iFolder/MyFiles/acatt/home 


Name Last modified Size 
DOC_tools 14-Feb-2003 15:51 - 
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B The Novell NetStorage Interface for ¡Folder 2.1.x 


If you have Novell NetStorage services installed in your network, you can configure NetStorage 
to support iFolder data access. Novell NetStorage is available in the bundled release of iFolder 
2.1.x with NetWare® 6.5 and later, Novell Nterprise™ Linux Services 1.0 and later and with Open 
Enterprise Server. 


Users can access iFolder data, using the NetStorage folder view, by entering the following URL in 
a Web browser: 


https://nifl.your-domain-name.com/NetStorage 


Figure 7 Example of the Novell NetStorage Folder View 
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Users can access ¡Folder data, using the NetStorage text view, by entering the following URL in a 
Web browser: 


https://nifl.your-domain-name.com/oneNet/NetStorage 


IMPORTANT: The NetStorage folder view and text view URLs are case sensitive. 
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Filter: 
Size Modified 
10/29/2003 5:24 PM El 
10/29/2003 5:24 PM 


Done 


[4D Internet A 


For information about installing and configuring Novell NetStorage on your network, see the 
NetWare 6.5 NetStorage Administration Guide. 


R Configuring Your First ¡Folder Server 


This section describes how to configure your first Novell iFolder server by performing the 
following tasks: 


1. 


“Logging In to the iFolder Management Console” on page 90 


2. “Identifying the ¡Folder Objects in the Schema” on page 92 
3. “Defining Your User Contexts” on page 93 

4. 
5 
6 


“Provisioning User Objects for ¡Folder Services” on page 94 


. “Configuring Your User LDAP Server” on page 96 
. “What's Next” on page 98 


Í Logging In to the iFolder Management Console 


90 


1 To open the iFolder Management Console, use one of the following methods, depending on 


your version of ¡Folder: 
¢ For iFolder 2.1, open your Web browser to the following URL: 
https://nif1.your-domain-name.com/iFolderServer/Admin 


Replace nifl.your-domain-name.com with the actual DNS name or IP address of your 
¡Folder server. If you specified different ports during the installation, append the IP 
address of the server with a colon followed by the port number. For example, 


https://192.168.1.1:80/iFolderServer/Admin 
IMPORTANT: The ¡Folder Management Console URL is case sensitive. 


+ For (Folder 2.1.x, you can also access the ¡Folder Management Console from Novell 
iManager. Open your Web browser to ¡Manager to the following URL: 


https://nif1.your-domain-name.com/nps/iManager .html 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of your 
1Folder server. 


Log in to iManager, then click the ¡Folder role in the left navigator. For information about 
iManager, see the Novell ¡Manager 2.0.x Administration Guide. 


Novell iFolder 2.1 Installation and Administration Guide 


Novell Confidential Manual (99a) 21 December 2004 


Figure 9 iFolder Management Console Home Page 
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2 To log in to the iFolder Management Console, click Global Settings EA then log in with 
your iFolder administrator username and password. 


For Novell eDirectory™ environments, most installation scenarios require that you log in to 
the iFolder Management Console to extend the schema and complete the installation. 
However, in some installations scenarios, iFolder completes the schema extension during the 
installation process. For example, the iFolder installation extends the schema for Novell 
eDirectory configurations with iFolder 2.1.2 in Novell Nterprise™ Linux Services, for 
Microsoft Active Directory configurations with iFolder 2.1 and for Novell eDirectory 
configurations with iFolder 2.1.5 in Open Enterpirse Server on SLES. See your installation 
instructions to determine which case applies to you. 


If applicable, the first time you log in to the iFolder Management Console after the 
installation, you must log in as a user that has schema extension privileges.The initial login 
might take 10 to 30 seconds while iFolder extends the schema, creates objects, and writes 
attributes. Server objects are created in the Admin LDAP context that you specified during 
the iFolder installation. 
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iFolder Management Console > Global Settings > Login 


User: (Not Authenticated) 


iFolder Features: 
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Login 
Please enter your username and password 
Username: 
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Password: 


(| 
Login 


© Copyright 1983-2003 Novell, Inc. All rights reserved. 


3 When the General Information page opens, your login is successful. 


Successful login completes the server installation for your first server. The schema extension 
is not repeated on subsequent logins. 


Figure 11 Global Settings > {Login} > General Information 
iFolder Æ 


User: Administrator (Master LDAP) 


Global Settings 
General Info 


Global Policies 
Admin Names 
User LDAPs 
įFolder Servers 


Global Settings LDAP: 


Host DNS or IP melplex. melift.com 


Port 389 
Context cn=iFolder,cn=System,dc=melift,dc=com 
Certificate No 
Status No 


LDAP Schema: 
subschemaSubentry 
Vendor Name 


CN=Aggregate,CN=Schema,CN=Configuration,DC=melift,DC=com 
Microsoft 
Vendor Version 


Use this procedure to log in to the iFolder Management Console at any time to manage the iFolder 


server. 


To optionally verify the schema extension, see “Identifying the iFolder Objects in the Schema” on 


page 92. 


To continue configuring your first iFolder server, see “Defining Your User Contexts” on page 93. 


Identifying the iFolder Objects in the Schema 


The iFolder installation extends your LDAP schema to include the following objects: 


¢ iFolder Settings object (iFolder_Settings) with the following attributes: 


+ iFolderAdminNames 
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+ iFolderClientXML 
¢ iFolderDefaultServerName 
+ ¡Folderkeyl 
+ ¡Folderkey2 
¢ iFolderServerXML 
+ ¡Folder User LDAP object (iFolder_Idap01) with the following attributes: 
+ iFolderLDAPCertificate 
+ iFolderLDAPContexts 
+ iFolderLDAPDNSorIP 
+ ¡FolderLDAPPort 
¢ ¡Folder Server object (iFolder_server01) with the following attributes: 
¢ iFolderServerDNSorIP 
+ iFolderServerSecureDNSorIP 


The schema extension and the newly created objects enable your iFolder server to run with the 
LDAP settings you specified during the installation. These settings are used as your Global 
Settings LDAP. For more information, see “LDAP Directories” on page 20. 


The iFolder_Settings object is created only once and it holds all the Global LDAP settings. 
However, for every additional LDAP server and iFolder server that you add through the iFolder 
Management Console, a new iFolder_/dap and iFolder_server object are created that correspond 
to the new LDAP or iFolder server. 


IMPORTANT: All iFolder management must be done through the iFolder Management Console. 


To continue configuring an iFolder server, see “Defining Your User Contexts” on page 93. 


Ẹ Defining Your User Contexts 


During the iFolder installation, you specified the LDAP context of your Admin objects. For 
authentication purposes, you must now define the context where your users reside. After you 
define your user context, all the User objects that reside in the specified context appear in the 
iFolder Management Console. 


As you add iFolder servers to your iFolder system, you might define different or the same user 
contexts for each server. 


TIP: If you need to add a User object to your context, you can use the User Management > Add Users option 
in the iFolder Management Console. 


E 4 Ifyou are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


S 2 Click Global Settings > User LDAPs, then click the server name of the server you want to 
manage. 
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Ml Figure 12 Global Settings > User LDAPs > (Server Name} > User Contexts for This Server 
¡Folder Æ 
Novell. 
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S iFolder_ldap01 
Global Policies The contexts listed are searched when authenticating users, After specifying the desired 
Admin Names contexts for this LDAP server, press the Update button to save changes, Press the Add button to 

search for and add additional contexts to search, 

User LDAPs 


iFolder Servers 


User LDAP Name iFolder_ldap01 


Host DNS or IP melplex. melift.com 
Port 389 


Context Search Subcontexts? 


TF cn=users,dc=melift,dc=com O 
Update | Delete | 
Hi 3 From the Contexts listed, select the context where your users are located. 


iFolder searches the contexts you specify when authenticating users. 


4 Ifyou want LDAP to search subcontexts below the specified context during user 
authentication, check the Search Subcontexts check box. 


5 If you want to add additional contexts to search, click Add. 


6 Click Update to save these default user authentication settings. 


To continue configuring an iFolder server, see “Provisioning User Objects for iFolder Services” 
on page 94. 


R Provisioning User Objects for (Folder Services 


Before users can create and use iFolder accounts, you must first enable users’ User objects on the 
LDAP server for iFolder services. Users can have only one account associated with a given user 
ID. However, any given user can have multiple accounts under different user IDs. 


When you log in for the first time to the ¡Folder Management Console and click User Management, 
iFolder extends the User LDAP directory’s schema to include the LDAP User Object. An Aux 
Class of iFolderUser and the following attributes are also assigned to each User object: 


+ iFolderServerName 
+ iFolderQuota 
Only enable iFolder services for the usernames you want to give iFolder privileges. iFolder does 


not create and activate the associated iFolder account until the user first logs in to the iFolder 
server, using the iFolder client, the iFolder Java applet, or NetDrive. 


IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the iFolder client to create their iFolder user accounts. 


After you provision the User objects, instruct your users to log in to the iFolder server to create an 
iFolder account. 
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To enable iFolder services for users: 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


The first time you log in to User Management, ¡Folder extends the User LDAP’s schema. You 
must log in as a user with schema extension rights for the User LDAP servers you want to use 
for authenticating ¡Folder users on the specified server. 


2 Click User Management E) 


3 Use the Advanced Search for Users, as shown in Figure 13, to obtain a list of users whose 
accounts you want to manage. 


IMPORTANT: If an Admin object resides on multiple LDAP servers, do not enable this object as an 
¡Folder user. If you have only one LDAP server and one corresponding Admin user, you can enable this 
object; however, we do not recommend it. 


Figure 13 Search Criteria for Advanced Searches 


iFolder 


Sa er eee & Novell 


User Management 
Search 
Advanced Search Specify search criteria for the users you want to manage. After finding the desired users, you can manage the 
Add user from the results list. 


Advanced Search for Users 


Search Criteria 


Name v| | Starts With v Search 
Name Starts With 

Last Name i 

First Name 

E-Mail Address 

iFolder Server Does Not Start With 


Does Not Contain 
In User LDAP: Context [Does Not Equal 


The iFolder Management Console provides an Advanced Search feature. You can use the 
following search criteria to narrow your search: 


User Category Syntax Operator Syntax 
Name Starts With 

Last Name Ends With 

First Name Contains 

E-mail Address Equals 

User Type (All Users, iFolder Users, Non-iFolder Users) Does Not Start With 
iFolder Server (All, select from list) Does Not End With 
In User LDAP: Context (All, select from list) Does Not Contain 


Does Not Equal 
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4 Enable or disable iFolder services for users, using one of these methods: 


+ Single User: Click the username link, then click Enable or Disable to change the ¡Folder 
privileges for the selected user. 


+ Multiple Users: From the Advanced Search results, click Enable or Disable ¡Folder 
services for all of the users found that met the search criteria. 


+ Subset of Multiple Users: From the Advanced Search results, check the check box 
beside any user whose status you want to change, the click Enable or Disable. The 
provisioning status changes for only those specified users. 


+ Subset of Multiple Users on a Specific ¡Folder Server: From the Advanced Search 
results, select the server from the ¡Folder Server drop-down list, then click Enable or 
Disable. The provisioning status changes for only those users assigned to the specified 
server. 


Figure 14 User Management > Advanced Search > Search Results 
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If your first iFolder server is not also your LDAP server, continue with the next section, 
“Configuring Your User LDAP Server.” 


If your first iFolder server is also your LDAP server, the basic configuration tasks are complete. 
See “What's Next” on page 98. 
Configuring Your User LDAP Server 


Novell ¡Folder uses your user LDAP directory to authenticate users on the ¡Folder server. The User 
LDAP directory stores the ¡Folder Server Name and the Disk Quota attribute of User objects for 
user accounts enabled with ¡Folder services. 
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If LDAP and iFolder are not running on the same server, configure the LDAP server information 
for iFolder: 


1 Ifyou are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click log in. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


You must log in with an admin username that has write privileges to the LDAP server or 
servers you plan to modify or add. 


2 Click Global Settings > User LDAPs, then click Add. 
This opens the Add User LDAP subtask. 


Figure 15 Global Settings > User LDAPs > Add > Add User LDAP 


Novell. 


User: Administrator (Master LDAP) 


Global Settings 
General Info 


Add User LDAP 
Global Policies The contexts listed are searched when authenticating users. After specifying the desired contexts for this LDAP server, 
Admin Names press the Update button to save changes, Press the Add button to search for and add additional contexts to search. 


User LDAPs 
iFolder Servers 


- Settings 
LDAP N œ 
en om iFolder_ (e.g. iFolder_ldap)00 
Host DNS or IP 
p 
KS (e.g, 389 or 636) 
Losin: (Requires username with LDAP write privileges for the LDAP server you are adding to update 
ain: the schema and browse the contexts) 
aR Administrator 
context [e.g. o=novell) 
Password 
OK | Cancel | 


3 Enter your LDAP server’s configuration information. 
+ User LDAP Name: The LDAP server host name. 


+ Host DNS or IP: The LDAP server's DNS name such as Idap1.your-domain-name.com 
or IP address such as 192.168.1.1. 


+ Port: The port to use for communications between the ¡Folder server and the user LDAP 
server. Use Port 389 for clear text communications or use Port 636 for Secure Sockets 
Layer (SSL) communications. 


+ Login Username: The admin username for the LDAP server. This username must have 
write privileges for the LDAP server to support extending the schema and browsing 
contexts. 


+ Context: The context you want iFolder to search to authenticate users for the ¡Folder 
server. 


+ Login Password: The password for the Login Username. 


4 Click OK, or click Cancel to abandon the process. 


After you add your LDAP server to ¡Folder system configuration, you are finished with the 
mandatory ¡Folder server configuration. See “What's Next” on page 98. 
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The iFolder installation and mandatory configuration sets default behaviors for the iFolder server 
and client. Use the following table to determine what next to do to configure and manage your 
iFolder system, according to your business needs. 


To Do This 


Refer To 


Configure the global client policies if you want “Configuring Global Client Policies” on page 102 
them to differ from the default settings 


Configure the global server policies if you want “Configuring Global Server Policies” on page 119 
them to differ from the default settings 


Provision User objects for iFolder services “Provisioning User Objects for iFolder Services” 
on page 94 

Expand your iFolder system by adding another “Configuring iFolder on Additional Servers” on 

iFolder server page 98 

Manage iFolder user accounts “Managing iFolder User Accounts” on page 101 

Manage your iFolder servers “Managing iFolder Servers” on page 119 


Configuring iFolder on Additional Servers 


You can install iFolder on an unlimited number of servers to create your iFolder system. 


4 Install iFolder on the additional server. 


For links to specific installation instructions for your operating system, see the table in 
“Installation Scenarios for ¡Folder 2.1” on page 23. 


2 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


3 Add your ¡Folder server to the ¡Folder system. 
3a Click Global Settings > ¡Folder Servers > Add. 


3b Enter the appropriate information, then click Add. 


+ 


Public and Private iFolder Server Names: If the DNS name or IP address of your 
iFolder server goes directly to the iFolder server without being routed through 
another device, meaning that your ¡Folder server is not behind a firewall, you are 
only required to fill in the information beneath the Public heading. 


If the DNS name or IP address of your iFolder server goes through another device, 
like an L4 switch or a firewall that redirects the request to the iFolder server, you 
need to fill in the information under both the Public and Private headings. 


IMPORTANT: If you have Network Address Translation (NAT) functionality built into your 
routers or switches, enter both your iFolder public and private DNS names and IP addresses. 


If your public DNS name or IP address redirects requests to a private iFolder IP 
address, specify a DNS name (not an IP address) as the public address of the iFolder 
server. Then make sure you use an internal DNS server to resolve the DNS name to 
the private address for internal users and use an external DNS server to resolve the 
DNS name to the public address of external users. 
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The Private settings allow the iFolder servers to communicate directly to each other 
within the iFolder system. The Public settings allow you to access the iFolder server 
from outside the firewall. 


+ ¡Folder Ports: The ports that you enter into the ¡Folder Management Console must 
match the ports that you specified during the iFolder installation. You can have 
multiple iFolder servers, using the same port numbers if they all have a unique DNS 
name or IP address. 


Port 80 is used to send the encrypted username and password and data from the 
iFolder client to the iFolder server. iFolder uses RSA encryption to encrypt the 
username and password, and Blowfish encryption to encrypt the user data. Port 443 
is used to access the iFolder Management Console and the Java applet via SSL and 
HTTPS. 


Figure 16 Global Settings > iFolder Servers > Add > Add ¡Folder Server 
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4 Add your LDAP server settings for the new server to the ¡Folder system. 
4a Click the Global Settings icon at the top of the page, then click User LDAPs. 
4b Click Add to add a User LDAP server. 


You can add up to eight LDAP directories. The Global User LDAP that you specified 
during the first installation of ¡Folder appears as iFolder_ldap01. 


The LDAP directories are accessed in alphabetical order when ¡Folder users are 
authenticated. Be careful when naming your LDAP directories. ¡Folder searches the 
directories in alphabetical order. Thus, if your company uses more than one LDAP 
directory, make sure you name the LDAP directories alphabetically, so that the first 
LDAP directories that are listed are the directories that have the majority of your iFolder 
users. 


If you have users with the same username located in multiple contexts, iFolder will 
authenticate the first user it finds during LDAP authentication. All subsequent users who 
are located later in the LDAP authentication process will need to enter their usernames 
and full contexts in the User ID field of the iFolder client login box in order to properly 
authenticate and log in to the iFolder server. 
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Figure 17 Global Settings > User LDAPs > Add > Add User LDAP 


User: Administrator (Waster LDAP) 


Global Settings 


General Info 


Global Policies 
Admin Names 
User LDAPs 
¡Folder Servers 


Add User LDAP 


The contexts listed are searched when authenticating users. After specifying the desired contexts for this LDAP server, 
press the Update button to save changes. Press the Add button to search for and add additional contexts to search. 


User LDAP Name iFolder_ (e.g. iFolder_ldapXx) 
Host DNS or IP 
Port (e.g. 389 or 636) 


(Requires username with LDAP write privileges for the LDAP server you are adding to update 
the schema and browse the contexts) 


Username ¡Administrator 
Context (e.g, o=novell) 
Password [>=] 


— K | _ Cancel | 


Login: 


4c If you want LDAP to search subcontainers below the user context during user 
authentication, click Global Settings > User LDAPs, select the name of your LDAP 
server from the list, select your context from the drop-down list, check the check box, 


then click Update. 


Figure 18 Global Settings > User LDAPS > Server Name > User Contexts for This Server 
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The contexts listed are searched when authenticating users. After specifying the desired 
contexts for this LDAP server, press the Update button to save changes. Press the Add button to 
search for and add additional contexts to search. 


User LDAP Name iFolder_ldap01 
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Port 389 
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Managing iFolder User Accounts 


Before you can manage client policies for your Novell® iFolder® system, you must perform the 
tasks described in: 


+ “Configuring Your First ¡Folder Server” on page 90 
+ “Configuring ¡Folder on Additional Servers” on page 98, as needed 


IMPORTANT: If your global client polices include any enforced or hidden settings, the users must log in with 
the ¡Folder client to create their ¡Folder user accounts. 


Users can download the ¡Folder client from the ¡Folder Web site. For information, see “The ¡Folder 
Web Site for Users” on page 86. 


Before you can manage individual user accounts, your users must log in to the ¡Folder server, using 
the ¡Folder client or the ¡Folder Java applet to create their ¡Folder accounts. 


An ¡Folder administrator can perform the following user management tasks: 
+ “Enabling ¡Folder Services for Users” on page 101 


+ “Adding User Objects to the User LDAP Directory from ¡Folder User Management” on 
page 102 


+ “Configuring Global Client Policies” on page 102 

+ “Using the Remember Password Option” on page 106 

+ “Configuring the Security Passphrase” on page 107 

¢ “Searching for Users in a User LDAP Directory” on page 108 

¢ “Viewing a User’s ¡Folder Account Information” on page 110 

+ “Modifying Individual User Client Policies” on page 113 

+ “Recovering Passphrases” on page 114 

+ “Restoring Deleted or Corrupted Files” on page 115 

¢ “Deleting User Data on the Server” on page 116 

+ “Preventing Data Loss When Resetting User Accounts” on page 116 


+ “Using the Conflict Bin” on page 117 


Enabling iFolder Services for Users 


To add iFolder user accounts to an existing iFolder server, you must enable iFolder services for the 
User objects. For information, see “Provisioning User Objects for iFolder Services” on page 94. 
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Adding User Objects to the User LDAP Directory from iFolder User 
Management 


The User Management task allows you to add new User objects to your LDAP directory from 
within the Novell iFolder Management Console. 


When you add a new iFolder user, you must specify the following: 
+ User ID: The unique network user ID for the new user account. 
+ Password: The user password for the new user account. 
+ ¡Folder Server: The ¡Folder server that provides ¡Folder services for the new user. 


+ LDAP Context: The LDAP context that authenticates the user to the ¡Folder server. 


Adding a new user through the iFolder Management Console accomplishes the following tasks: 
+ It creates a User object in your LDAP directory and creates the corresponding user account. 


+ It adds the iFolderServerName and iFolderQuota attributes to the new User object. Because 
these attributes are iFolder-specific, you must manage them through the iFolder Management 
Console. All other attributes associated with the user account object must be managed through 
your LDAP directory's management tool. 


¢ It automatically enables the use of iFolder services for that user account; you do not need to 
manually enable the new user account for iFolder services. The iFolder user account gets 
created and activated the first time this user logs in to the iFolder server. 


+ Itlets you assign the new user to the Default ¡Folder Server. Whatever ¡Folder server you have 
specified as the default server at the time of the user's initial login becomes the user's assigned 
server. 


¢ Typically, the Default iFolder Server is the first server that you installed iFolder on unless you 
manually changed this. To change your default server name, go to the Global Settings task of 
the iFolder Management Console, then click iFolder Servers. For instructions, see Managing 
iFolder Servers. 


Configuring Global Client Policies 


The iFolder administrator uses the global client policies to control which features the user can 
configure for the iFolder client and what the default settings are. Client policies are rules that 
govern the iFolder client behavior. Global policy settings apply to all iFolder clients and servers. 
You can override global policies for individual users by setting user policies. 


Before you permit users to access the iFolder system for the first time, you must review the default 
settings and configure policies to meet your network needs. Later, if you modify policies, you must 
consider how iFolder effects your changes. In general, client policy changes require only that users 
log out and log in to the iFolder client to effect the changes. However, changes might not apply to 
existing accounts or clients. To apply the changes you make, click Update Client Policy. 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Click Global Policies > Client Policies > Display > Client Policy Settings. 
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Figure 19 Global Settings > Global Policies > Client Policies > Display > Client Policies Settings 
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3 Set the global client policies, then click Update Client Policy. 


For information about global server policies, which includes user disk quotas, see “Configuring 
Global Server Policies” on page 119. 


Understanding iFolder Client Policies 


Client policies specify default settings or values, whether the user can modify the default, and 
whether the user can view the policies. 


The iFolder administrator sets three policy levels for the global client policies: 


+ Default Policies: To enable the policy, check the On check box or specify a value. If the 
default policy setting is not Enforced or Hidden, users can modify the default setting, 
according to their personal preferences. 


In general, if you modify a policy's default setting, the change applies automatically to new 
iFolder accounts and new client installs or upgrades. For existing iFolder accounts and clients, 
if the specific policy is modifiable, you must enable Enforced to force this change to take 
effect. 


If the specific policy is not modifiable for existing accounts, changes do not apply even if they 
are enforced or hidden. For examples, see Encryption and Recover Passphrase policies. 


If the specific policy is not modifiable for existing instances of the iFolder client, a change 
does not apply even if it is enforced or hidden. For an example, see the iFolder Location 
policy. 


+ Enforced: To enforce the default setting, check the Enforced check box. If this option is 
enabled, the default setting is dimmed in the iFolder client. Users can view the default setting, 
but they cannot change it. If this option is disabled, users can modify the default setting, 
according to their personal preferences. 


For both global and user client policies, you must enable the Enforced option when setting or 
changing policies that you want to override the user's personal preferences. Enforced settings 
apply automatically to new iFolder accounts. If the specific policy is modifiable for existing 
accounts or clients and you enable Enforced, the change takes effect the next time the user 
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logs in to their iFolder account, installs a new client, or upgrades an existing client. If it is not 
a modifiable policy for accounts or clients, enabling Enforced has no effect. 


For user client policies, you must enable the Enforced option when setting or modifying a 
policy that you want to override the corresponding global client policy. If it is not a modifiable 
policy for iFolder accounts or clients, enabling Enforced for a user client policy has no effect. 


+ Hidden: To hide the policy and its default setting from the user, check the Hidden check box. 
Users cannot view or modify the default setting. Hidden features are enforced by default. 


You set the default values and behavior for the following client policies: 


+ Encryption: [Default: On, Not Enforced, Not Hidden] Allows the user’s local data to be 
encrypted as it leaves a workstation to travel to the iFolder server, resides on the server, and 
travels to another workstation, where it is unencrypted; the user’s data resides on the user’s 
workstations in unencrypted form. 


Encryption policies cannot be modified for existing accounts. Once set for an iFolder account, 
the decision applies for the life of the account and across all instances of the iFolder client that 
the user installs. If you want to change marked features for all users after accounts exist, you 
must coordinate with users to delete their accounts and recreate them with the new settings 
enforced. For more information about encryption, see “Authentication and Encryption” on 
page 141. 


+ Save Password: [Default: Off, Not Enforced, Not Hidden] Allows automatic entry of the 
user’s password during any iFolder login sequence. 


IMPORTANT: The iFolder client does not pass on system warnings about grace logins. If your 
organization requires frequent password changes, we recommend that users be notified of pending 
change requirements by alternate means so users can proactively change the stored password, if they 
select this option. 


+ Save Passphrase: [Default: Off, Not Enforced, Not Hidden] Allows automatic entry of the 
user’s encryption passphrase during any iFolder login sequence. 


+ Recover Passphrase: [Default: On, Not Enforced, Not Hidden] Allows the ¡Folder 
administrator to recover the user’s encryption passphrase. 


IMPORTANT: Because the Passphrase is the user’s encryption key, the administrator is able to decrypt 
the user’s data files on the iFolder server. Allowing this option implies a trusted relationship for the iFolder 
administrator. 


Recover Passphrase policies cannot be modified for existing accounts. Once set for an iFolder 
account, the decision applies for the life of the account and across all instances of the iFolder 
client that the user installs. If you want to change marked features for all users after accounts 
exist, you must coordinate with users to delete their accounts and recreate them with the new 
settings enforced. 


+ Automatic Syne: [Default: On, Not Enforced, Not Hidden] Allows the ¡Folder client to 
automatically synchronize the user’s iFolder files between the local iFolder directory and the 
iFolder server. 


+ Sync to Server Delay: [Default: 5 seconds with a minimum of 3 seconds, Not Enforced, 
Not Hidden] If Automatic Sync is allowed, sets the default time (in seconds) that the 
¡Folder client waits after a file in the local ¡Folder directory changes until it automatically 
uploads the file to the ¡Folder server. Also sets the minimum and maximum values 
allowed. 


+ Sync from Server Interval: [Default: 20 seconds with a minimum of 10 seconds, Not 
Enforced, Not Hidden] If Automatic Sync is allowed, sets the default time (in seconds) 
after a synchronization occurs that the ¡Folder client waits to check with the ¡Folder 
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server to determine if there are changed files it needs to automatically download to the 
local ¡Folder directory. Also sets the minimum and maximum values allowed. 


For information on synchronization strategies for users, see the Novell ¡Folder 2.1 User 
Guide. 


+ Conflict Bin Space: [Default: 25 megabytes with a minimum of 0 (zero) megabytes, Not 
Enforced, Not Hidden] Sets the default size (in MB) of the Conflict Bin for the user’s iFolder 
account. Also sets the minimum and maximum allowed values. 


The iFolder client uses a Conflict Bin to help prevent the inadvertent loss of user files. Each 
workstation where users install the client has its own bin on the local hard drive. The iFolder 
client stores files in the bin on a first-in, first-out basis. As the bin size nears the maximum 
space allotted, the iFolder client purges documents from the bin to make room for newer files 
that might be in conflict. Ifa file in conflict exceeds the size of the bin, iFolder automatically 
purges the file from the bin. 


In general, the default size of the Conflict Bin should be about 10 to 15 percent of the Initial 
Client Quota. At a minimum, the space allocated should be larger than the largest file size that 
a user might store in his or her ¡Folder account. 


+ ¡Folder Location: [Default: {My Documents}\iFolder\ (User Name}\Home, Not Enforced, 
Not Hidden] Sets the default path of the user’s local iFolder directory. 


Changes to this policy apply only to new instances of the iFolder client for existing accounts 
or to new iFolder accounts. 


Some policies apply only to new iFolder user accounts. The related options appear in the first 
instance of an iFolder client install for that user. After the user sets the preferences, the items no 
longer appear in the login sequence or in subsequent installations of the iFolder client by that user. 


Changing the marked policy has no effect for existing users; it applies only for all subsequently 
created accounts. If you want to change marked features for all users after accounts exist, you must 
coordinate with users to delete their accounts and recreate them with the new settings enforced. 


Examples of Global Client Policies 


Consider the following examples to help you understand how to use the policy levels. 


Example Policy: All users must enable iFolder encryption. 


If you want every user to encrypt iFolder data, set Encryption to On, Enforced, and Hidden as a 
global client policy, then click Update Client Policy. The user must specify an encryption 
passphrase the first time he or she logs in to iFolder. The passphrase serves as the encryption key 
for the user's iFolder account. 


Example Policy: Administrators must be allowed to recover user passphrases. 


If you want to enable the iFolder administrator to recover all users' encryption passphrases, set 
Recover Passphrase to On, Enforced, Hidden and set the Security Passphrase for the 
administrators to use when recovering passphrases. Then click Update Client Policy. The first time 
a user logs in, ¡Folder does not prompt the user with the option to Recover Passphrase because the 
policy is mandatory and hidden from view. 
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Example Policy: Guest users must use clear text when storing iFolder data on the 
iFolder server. 


If you want an individual user account to use clear text only, go to the User Account > Edit Client 
Policies, then set the Encryption, Save Passphrase, and Remember Passphrase policies to Off, 
Enforced, and Hidden as user client policies. Then click Update Client Policy. iFolder does not 
prompt the user with a choice to encrypt iFolder data. 


Example Policy: Users must synchronize files manually to minimize bandwidth 
requirements. 


If you want users to synchronize ¡Folder files only as needed, set Automatic Synchronization to 
Off, Enforced, and Not Hidden as a global client policy. Then click Update Client Policy. The users 
cannot take advantage of automatic synchronization. In the iFolder client, the automatic 
synchronization option is disabled (unchecked) and dimmed on the Account Information > 
Preferences page. The user must use the manual Sync and Stop Sync options to synchronize files, 
using the iFolder client. 


Example Policy: Users must authenticate manually at login. 


Because the client requires that users log in to change their passwords, they can be locked out if 
the password changes while they are logged out of iFolder. If your environment requires frequent 
password changes, you can avoid users being accidentally locked out of their iFolder accounts by 
setting Save Password to Off, Enforced, and Hidden as a global client policy. Then click Update 
Client Policy. The users must enter a valid password each time they log in to the iFolder client. 


Using the Remember Password Option 


If your network environment requires that users change passwords frequently, we recommend that 
you disable the Remember Password option for the iFolder client. The iFolder client will not alert 
users of expired passwords and users might exceed the number of grace logins allowed by your 
network. If a user enables the Remember Password option and the user’s password expires while 
the user is logged out, the user will not be able to log in to iFolder to set the new password. 


Disabling the Remember Password Option for All Users 


To disable the Remember Password policy and make the option unavailable to your users: 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Click Global Settings > Global Client Policies. 

3 Disable the Remember Password option in the ¡Folder client. 
3a Uncheck the Save Password check box. 
3b Check the Enforced check box. 
3c Check the Hidden check box. 

4 Click Update Client Policies. 

5 Click Logout, then close the Web browser. 
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Avoiding Being Locked Out When a Password Changes 


If you enable the Remember Password option for users, make sure to notify users about their 
password expiration through other means. Users must follow some simple precautionary steps 
before changing their network passwords to avoid being locked out of their iFolder accounts. 


If the Remember Password check box is checked in the iFolder client, users must follow these 
steps when changing the passwords associated with their iFolder usernames. 


1 For every instance of the iFolder client where the Remember Password option is enabled, 
disable the Remember Password option. 


da Log in to the ¡Folder client. 


1b Right-click the ¡Folder icon in the system tray, then click Account Information > 
Preferences. 


Ac Uncheck the Remember Password check box, click Apply, then click Yes. 
1d Click File > Logout. 


2 Log in to the network and change the password, following any procedures set by the network 
administrator. 


3 Log in to ¡Folder, using the ¡Folder client, entering the new password instead of the old one. 
4 If desired, re-enable the Remember Password option. 


4a Right-click the ¡Folder icon in the system tray, then click Account Information > 
Preferences. 


4b Check the Remember Password check box, click Apply, then click Yes. 


4c Close the ¡Folder account management window. 


Configuring the Security Passphrase 


If Recover Passphrase is enabled, you must set a Security Passphrase for the ¡Folder administrator. 
You use the Security Passphrase to recover an ¡Folder user's passphrase if the user has forgotten it. 
However, in order to recover a passphrase, the user must have selected Enable Passphrase 
Recovery (or this policy was set to Enforced) on first login to the ¡Folder client. 


4 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Click Global Policies > Display Client Policies > Update Security Passphrase. 
3 Enter a new Security Passphrase, then retype it. 
4 Click Update. 
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Figure 20 Global Settings > Global Policies > Client Policies > Update Security Passphrase > Security 
Passphrase Settings 
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Update 


To change an existing Security Passphrase: 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


Click Global Policies > Display Client Policies > Update Security Passphrase. 


Enter the current Security Passphrase. 


hb O N 


Enter a Security Passphrase, then retype it. 
Click Update. 


a 


For more information on security passphrases, see “Recovering Passphrases” on page 114. 


Searching for Users in a User LDAP Directory 


The User Management task of the Novell ¡Folder Management Console allows you to perform a 
simple search or an advanced search of your user LDAP directory for users whose accounts you 
want to manage. 


Search 


1 From the ¡Folder Management Console, click User Management, then click Search in the left 
navigator. 


2 Use one of these methods to find the user account: 


+ To list all the users in your system, regardless of where their accounts are located, leave 
the Enter Username field blank. 


+ To narrow your search, type letters in the Enter Username field, then click Search. The 
search returns only the iFolder user accounts that begin with the letter or letters that you 
entered. 


+ To find a known user account, type the username. 


3 Click Search. 


Advanced Search 


1 From the ¡Folder Management Console, click User Management, then click Advanced 
Search. 


2 Use the Advanced Search for Users, as shown in Figure 13, to obtain a list of users whose 
accounts you want to manage. 
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IMPORTANT: If an Admin object resides on multiple LDAP servers, do not enable this object as an 
¡Folder user. If you have only one LDAP server and one corresponding Admin user, you can enable this 
object; however, we do not recommend it. 


Figure 21 Search Criteria for Advanced Searches 


¡Folder 


| Management — (ate Agia A Novell 


User Management 
Search 


Advanced Search for Users 


Advanced Search Specify search criteria for the users you want to manage. After finding the desired users, you can manage the 
Add user from the results list 

Search Criteria 

Name ¥ |Starts With v _ Search | 
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iFolder Server Does Not Start With 


Does Not Contain 
In User LDAP: Context [Does Not Equal 


The iFolder Management Console provides an Advanced Search feature. You can use the 
following search criteria to narrow your search: 


User Category Syntax Operator Syntax 
Name Starts With 

Last Name Ends With 

First Name Contains 

E-mail Address Equals 

User Type (All Users, iFolder Users, Non-iFolder Users) Does Not Start With 
iFolder Server (All, select from list) Does Not End With 
In User LDAP: Context (All, select from list) Does Not Contain 


Does Not Equal 


To search for multiple users whose usernames begin with different letters, type the first letter 
of each name separated by a semicolon. For example, if you wanted to search for all 
usernames that begin with the letters A through D, select Name and Starts With operators, then 
type the following in the user name field 


ar;b;c;d 
Click Search. 


The search returns a list of found user accounts. Each username is hyperlinked to the user's 
account information. 
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Figure 22 User Management > Advanced Search > Search Results 
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Viewing a User’s iFolder Account Information 


1 From the iFolder Management Console, click User Management. 


2 Use the Search or Advanced Search feature to find the user account your want to manage. For 
information, see “Searching for Users in a User LDAP Directory” on page 108. 


3 Click the username. 


The user's iFolder account page displays the following information about the selected user's 
iFolder account. 


iFolder User 


The username for the iFolder user. Also known as the user's common name. 


Distinguished Name 


The User object attributes that uniquely identify the selected user in the LDAP directory server. 
For example, cn=acatt,cn=users,dc=mydomain,dc=com. 


User LDAP 


The host name and DNS name or IP address of the user LDAP server that iFolder uses to 
authenticate the selected user. For example, iFolder_ldap01 (Idap1.your-domain-name.com). 


iFolder Server Name 


The host name and DNS name or IP address of the iFolder server where the user's account and 
iFolder data reside. For example, iFolder_server01 (nifl.your-domain-name.com). 
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iFolder Account Path 


The path in the iFolder data directory where the specified user's data resides. For example, 
C8\CA3BA5B45C2BB11A098A1BD6042FFOB6. You need this location to restore a user's 
iFolder data from backup media or to move a user's iFolder data to another iFolder server. 


In the iFolder data directory, the user accounts are separated alphabetically in to subdirectories. 
The account path begins with a two-digit hexadecimal directory name that represents the hashed 
alphanumeric character that is the first character in the username. The user account's directory is 
the hashed hexadecimal value of the username. 


When you installed iFolder, you specified a location on the server where iFolder stores the users' 
iFolder data. For example, iFolder\Data\. The iFolder account path begins in the iFolder data 
directory, so you must prepend the account path with the iFolder data location to get the full path 
to the user's data. For example, iFolder\Data\C8\CA3BA5B45C2BB11A098A 1BD6042FFOB6. 


Disk Quota 


The maximum storage space in megabytes on the iFolder server that you allocated to the user's 
account. By default, the user's initial disk quota is 200 MB. 


Number of Connections 


The total number of connections to the user's iFolder account that are currently active. The 
connections can originate from one or multiple workstations and can access the server, using 
different iFolder interfaces. 


Syncs in Progress 


The total number of active uploads or downloads across the current connections for the selected 
user account. 


Last Sync 


The time stamp of the last completed synchronization for the selected user account. 


Memory in Use 


The total amount of memory currently in use by processes related to the selected user account. 


Used Space 


The total storage space on the iFolder server currently consumed by the specified user's iFolder 
data. 


Upload 


The total amount of iFolder data in megabytes uploaded from the user's workstation to the iFolder 
server for the selected user account. This value includes all data uploaded since the account was 
activated. 


Download 


The total amount of iFolder data in megabytes downloaded from the iFolder server to the user's 
workstation for the selected user account. This value includes all data downloaded since the 
account was activated. 
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If the user has only one workstation, the Download value is usually very low, and might even be 
zero. However, if the user has multiple workstations, each time the user uploads data to the server 
from one workstation, the server downloads the data to the other workstations. Thus, an account 
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with three workstations reports 1 MB of upload and 2 MB of download each time 1 MB is 
uploaded. The Download number can become quite large. 


Number of Directories 


The total number of directories (and subdirectories) in the user's iFolder directory. iFolder supports 
up to 32,765 directories within a user’s iFolder directory. If the user exceed this number, iFolder 


stops writing to the local iFolder directory and data loss is likely. 


Number of Files 


The total number of files in the user's iFolder directory and subdirectories. 


Encryption Status 


Indicates whether encryption is enabled for the iFolder account. [Blowfish or No] 


Client Policy 


The policies that govern how the user's client interface behaves. 
Figure 23 User Management > Advanced Search > User ID 
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Search 
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Number of Connections 0 

Syncs in Progress 0 
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Used Space 226 MB 
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Account Settings: 
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Modifying Individual User Client Policies 


By default, global client policies apply to all iFolder user accounts. However, the iFolder 
administrator can modify the policy settings for a specific user from the User Management page. 


To set iFolder client policies for an individual user: From the iFolder Management Console, click 
User Management > Advanced Search > User_ID > Edit. 


The User Policy page opens to allow you to set policies that apply to the individual. 


User-specific policy settings take precedence over the global policy settings only if you enable the 
Enforced option. Enable Enforced only for those policies that you want to override the default. 


Figure 24 User Management > Advanced Search > User ID > Edit Policy > Policies for {User ID} 
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Setting User Client Policies 


1 Ifyou are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Use Search or Advanced Search to find the user in the LDAP directory whose ¡Folder account 
you want to manage. 


Click the username for the user you found in Step 2. 
Click Edit Client Policies to open the User Client Policies page. 


Modify the fields of the policies that you want to differ from the global settings. For 
information on how to complete each field, see “Configuring Global Client Policies” on 
page 102. 


To override the corresponding global client policy, check the Enforced check box for each 
modified policy. 


Click Update Client Policy to save the changes. 
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When the user next logs in to the account, iFolder uses the enforced global client policies and 
user client policies to create the appropriate default settings. 


Typically, you set iFolder client policies before the first time the user logs on to the account. If the 
user’s account already exists, you must coordinate the new settings with the user. 


If you want to change the Encryption or Recover Passphrase options, you must delete the current 
user account, create a new account for that user, then set the user policies. The user must move data 
in the local iFolder directory to another folder, uninstall the iFolder client, reinstall the iFolder 
client, then move data back to the iFolder local directory to upload it to the iFolder server. 
Re-Setting User Client Policies to the Global Client Policies 


1 Ifyou are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Use Search or Advanced Search to find the user in the LDAP directory whose iFolder account 
you want to manage. For information, see Searching the User LDAP Directory. 


Click the username for the user you found in Step 2. 

Click Edit Client Policies to open the User Client Policies page. 
Click Remove Client Policy. 

Click Update Client Policy to save the changes. 


When the user next logs in to the account, the iFolder client applies enforced global settings 
to the iFolder account. 


Recovering Passphrases 


In order for the iFolder administrator recover a user’s passphrase, either the policy must have been 
set to Enforced or the user must have enabled passphrase recovery the first time he or she logged 
in with the iFolder client. 


1 Ifyou have not already done so, set up your security passphrase. 
See “Configuring the Security Passphrase” on page 107. 


2 Ifyou are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


3 To recover a user’s passphrase, go to the User Management section of the iFolder 
Management Console. 


Search for the appropriate user, then click the username. 


Scroll down to the bottom of the list, then click Recover. 


oa A 


Enter your security passphrase, then click OK. 
7 When the passphrase appears, let the user know what it is. 


You can view user settings by clicking the iFolder Management Console > User Management > 
{Search or Advanced Search} > User_ID. 
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Figure 25 User Management > {Search or Advanced Search} > User_ID > Recover ¡Folder User Passphrase 
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Restoring Deleted or Corrupted Files 


If a user needs to recover data from a deleted or corrupted file, you can restore the user's folder to 
a secondary ¡Folder server. From there, the user can access the ¡Folder server’s copy of his local 
files via a browser or NetDrive. 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Search for the user, then click the username to locate the ¡Folder Account Path. 


Figure 26 Example of the Account Path in an ¡Folder User Account 


Distinguished Name cneetuft,oenovell 
User LDAP iFolder_ldap01 (137,65.71.9) 
(137.65,71.9) 


¡Folder Server Name iFolder_server01 


Disk Quota [200 MB Update 
iFolder User 


3 Restore the folder located at the iFolder Account Path from a backup tape to a secondary 
iFolder server that the user can attach to. 


4 Have the iFolder user use the Java applet or NetDrive to access the secondary iFolder server. 
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When the user logs in, the Java applet will show the user’s data and the user can download the 
file that was previously deleted. Using the iFolder Java applet or NetDrive is a good choice 
because they do not synchronize data; they only give access. 


Deleting User Data on the Server 
If a user forgets his or her password, you can delete the user data on the iFolder server and then 
have the user log in again. When the user logs in, iFolder prompts the user for a new password. 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Click User Management in the tool bar. 


3 Search for a specific user if you know the unique user ID; if not, find the user by doing an 
advanced search. 


4 Click the username, scroll to the bottom of the page, then click Remove iFolder User Data. 


5 Click OK to confirm the removal of the user data. 


You can view user settings by clicking the iFolder Management Console > User Management > 
Search [or Advanced Search] > User_ID. 


Figure 27 User Management > (Search or Advanced Search} > User_ID > Remove ¡Folder User Data 
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Preventing Data Loss When Resetting User Accounts 


Before you delete the user account, the user must do the following to prevent data loss during an 
account reset: 
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1 Copy data from the current local ¡Folder directory to another local directory on the user 
workstation, then delete the local iFolder directory. 


2 Uninstall the iFolder client from the user workstation. 


2a Click Start > Settings > Control Panel > Add/Remove Programs > Change or Remove 
Programs. 


2b Select Novell iFolder client, then click Change/Remove > Yes. 
3 Go to the iFolder Web site to download the iFolder client software. 


You can get the URL from your iFolder administrator. The iFolder Web site is typically 
located at the following URL: 


http://nifl.your-domain-name.com/iFolder 


Replace nif1.your-domain-name.com with the actual DNS name or IP address of your iFolder 
server. 


4 Follow the download and installation instructions to install the ¡Folder client. 


5 Ifthe user ID, password, or encryption passphrase have changed, enter the new values during 
the reinstallation of the iFolder client. 


6 Move the user data to the newly created local iFolder directory. 


7 Either wait for the files to synchronize automatically, or right-click the iFolder icon in the 
system tray, then click Sync Now. 


Using the Conflict Bin 


The iFolder client has a feature called the Conflict Bin. A user will rarely need to access this 
option; however, it is useful to understand this feature. The following scenario illustrates what the 
Conflict Bin is and how it works. 


Suppose that John is one of your iFolder users. John has the iFolder client installed on two 
computers: computer A and computer B. At some point in the day, John disconnects both of these 
computers from the network and continues to work from both computers offline. While he is 
working, he makes a change to one of his iFolder files on computer A and then, later in the day, he 
makes a different change to the same file on computer B. He then reconnects computer A to the 
network in order to synchronize the changes to the ¡Folder server. Then, John reconnects computer 
B to the network to synchronize the new change. 


When computer B reconnects to the network and synchronizes the change to the iFolder server, 
the change that John made on computer A would be overwritten with the change that John made 
to that same file from computer B. To prevent data loss, iFolder saves the overwritten file to the 
Conflict Bin. John can access the Conflict Bin by right-clicking the iFolder icon located in the 
system tray of the computer that originally contained the file that was overwritten. 


NOTE: If the problem file is larger than the quota set for the Conflict Bin, the file will not be saved in the bin; it 
will be discarded. 
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Managing iFolder Servers 


Use the Novell® iFolder® Management Console to change your iFolder server’s IP address, DNS 
name, or assigned ports. 


Before you can manage server policies for your Novell iFolder system, you must perform the tasks 
described in: 


+ “Configuring Your First ¡Folder Server” on page 90 

+ “Configuring ¡Folder on Additional Servers” on page 98, as needed 
This section describes the following management tasks: 

+ “Adding ¡Folder Servers” on page 119 

+ “Configuring Global Server Policies” on page 119 


+ “Managing the User Disk Quotas for ¡Folder User Accounts” on page 120 


Adding ¡Folder Servers 


Your first ¡Folder server is automatically added to the ¡Folder Management Console for you. All 
additional ¡Folder servers must be manually added into the ¡Folder system in order for you to 
manage them. You can have an unlimited number of ¡Folder servers. For information on adding 
servers, see “Configuring iFolder on Additional Servers” on page 98. 


Configuring Global Server Policies 


Server policies are rules that govern how the ¡Folder server behaves for users. You can regulate 
how much disk space will be allotted to each ¡Folder user or how much time will pass before a 
session times out. 


4 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Click Global Policies, then click Display Server Policies. 


Managing iFolder Servers 119 


Novell Confidential Manual (ENU) 21 December 2004 


Figure 28 Global Settings > Global Policies > Display Server Policies > Server Policies 
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3 Complete the following information: 


+ Initial Client Quota: [Default: 200 megabytes] Specify the amount of storage space (in 
MB) that will be the minimum amount assigned to new iFolder user accounts. The 
maximum disk quota size for an iFolder account is 8 TB. Changes to this value go into 
effect immediately only for new iFolder accounts. 


+ Session Timeout: [Default: 60 minutes] Specify the maximum length of time (in 
minutes) that a session will be continued when there is no synchronization activity. If the 
session times out, the client must go through a reconnect step before its next 
synchronization. Changes to this value go into effect immediately for all iFolder users. 


+ Debug Output: [Default: Enabled (checked)] Check the check box to enable 
synchronization activity to be logged and available for analysis.Changes to this value go 
into effect immediately for all iFolder users. For instructions on viewing the log, see 
“Debugging Synchronization Activity on Your iFolder Server” on page 131. 


4 Click Update Server Policies to enforce the changes. 


Managing the User Disk Quotas for iFolder User Accounts 


The Initial Client Quota, specified in the Global Server Policies, determines the default maximum 
disk space allocated to a new iFolder account. For information, see “Configuring Global Server 
Policies” on page 119. 


As the account matures, or for select users, you might need to expand or reduce the amount of 
space allocated to an iFolder account. The User Disk Quota specifies the actual maximum disk 
space allocated to an individual iFolder account. The maximum disk quota size for an iFolder 
account is 8 TB. 


Modifications to the User Disk Quota apply immediately to the user's iFolder account. If you 
reduce the quota below the current size of the user's iFolder data, the user is not able to upload data 
to the iFolder server until the user deletes or moves a sufficient amount of data from his or her 
iFolder account. 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 From the iFolder Management Console, click User Management. 


3 Use Search or Advanced Search to find the user in the LDAP directory whose iFolder account 
you want to manage. 


4 Click the username for the user you found. 
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5 Specify the maximum amount of storage space in megabytes that the selected iFolder account 
can use on the iFolder server. 


6 Click Update. 
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Managing User LDAP Servers 


Novell® iFolder® uses your user LDAP directory to authenticate users on the iFolder server. The 
User LDAP directory stores the iFolder Server Name and the Disk Quota attribute to User objects 
for user accounts you have enabled for iFolder services. For information on enabling users, see 
“Provisioning User Objects for iFolder Services” on page 94. 


Use multiple LDAP directories, if needed, to maintain your current organization and group 
management even in the event of a server failure. Regardless of how many iFolder servers in your 
iFolder system, you can specify up to eight User LDAP directories. 


Whenever you add an LDAP server through the iFolder Management Console for user 
authentication, you must log in, using an admin username that has write privileges to the LDAP 
server or servers you plan to modify or add. 


This section describes the following User LDAP management tasks: 
+ “Modifying User Contexts for the User LDAP Server” on page 123 
+ “Adding a User LDAP Server to the ¡Folder System” on page 124 
+ “Adding a User LDAP Server for a Linux-Based ¡Folder 2.1.2 Server” on page 124 
+ “Replacing a User LDAP Server for the ¡Folder System” on page 126 
+ “Replacing a User LDAP Server for the Linux-Based ¡Folder 2.1.2 Server” on page 126 
+ “Deleting a Single User LDAP Server from the ¡Folder System” on page 126 
+ “Deleting All User LDAP Servers from the ¡Folder System” on page 127 
+ “Using Clear Text or SSL Connections to the User LDAP Server” on page 127 


For more information on how ¡Folder and LDAP work together, see Chapter 2, “Understanding 
the Novell ¡Folder Architecture,” on page 19. 


Modifying User Contexts for the User LDAP Server 
For each ¡Folder server, you must specify the contexts where you want an iFolder server to search 
for User objects during the user authentication process. 


4 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Click Global Settings > User LDAPs. 

The User LDAPs page lists the existing LDAP servers you have identified to iFolder. 
3 Click the LDAP server that you want to modify. 
4 Do one of the following: 
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+ Add Contexts: Click Add. Select the context. To specify that ¡Folder should search the 
subcontainers of the context, check the Search Subcontainers check box. Click OK. 


In the contexts field, list all of the contexts, separated by semicolons (;) with no spaces. 
The order of the contexts is the order in which the contexts will be searched. The first 
context that is listed should be the context that contains the Admin user. 


+ Remove Contexts: Check the Context check box next to one more contexts, then click 
Remove. 


5 Click Update to save your changes. 


If you do not click Update before moving to another location in the console or before exiting 
the console, your changes will be lost. 


Adding a User LDAP Server to the iFolder System 


You can specify up to eight User LDAP servers for your iFolder system. All user LDAPs must be 
in the same Novell eDirectory tree. 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Click Global Settings > User LDAPs. 

The User LDAPs page lists the existing LDAP servers you have identified to iFolder. 
3 Click Add. 

This opens the Add User LDAP page. 
4 Type the following information: 

+ User LDAP Name: The LDAP server host name. 


+ Host DNS or IP: The LDAP server's DNS name such as Idap1.your-domain-name.com 
or IP address such as 192.168.1.1. 


+ Port: The port to use for communications between the ¡Folder server and the LDAP 
server. Choose Port 389 for clear text or Port 636 for Secure Sockets Layer (SSL) 
communications. For information, see “Using Clear Text or SSL Connections to the User 
LDAP Server” on page 127. 


+ Login Username: The admin username for the LDAP server. This username must have 
write privileges for the LDAP server to support extending the schema and browsing 
contexts. 


+ Context: The context you want iFolder to search to authenticate users for the ¡Folder 
server. 


+ Login Password: The password for the Login Username. 


5 Click OK, or click Cancel to abandon the process. 


Adding a User LDAP Server for a Linux-Based ¡Folder 2.1.2 Server 


This section describes how to add a user LDAP server to your ¡Folder 2.1.2 server for Enterprise 
Linux solutions. You can specify up to eight User LDAP servers for your ¡Folder system. All user 
LDAPs must be in the same Novell eDirectory tree. 
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Copy the self-signed root certificate file (RootCert.der) from 
/etc/opt/novell/ifolder/RootCert.der 

to the following location 
/opt/novell/ifolder/Server/LDAP/import/RootCert.der 


If you are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


The iFolder Management Console opens to the Global Settings > General Information page, 
which shows the current LDAP settings for the iFolder server. 


Click Global Settings > User LDAPs. 
The User LDAPs page lists the existing LDAP servers you have identified to iFolder. 


4 Click Add. 


This opens the Add User LDAP page. 
Type the following information: 
+ User LDAP Name: The LDAP server host name. 


+ Host DNS or IP: The LDAP server's DNS name such as Idap1.your-domain-name.com 
or IP address such as 192.168.1.1. 


+ Port: The port to use for communications between the ¡Folder server and the LDAP 
server. Choose Port 389 for clear text or Port 636 for Secure Sockets Layer (SSL) 
communications. For information, see “Using Clear Text or SSL Connections to the User 
LDAP Server” on page 127. 


+ Login Username: The admin username for the LDAP server. This username must have 
write privileges for the LDAP server to support extending the schema and browsing 
contexts. 


+ Context: The context you want iFolder to search to authenticate users for the ¡Folder 
server. 


+ Login Password: The password for the Login Username. 

Click OK, or click Cancel to abandon the process. 

Add any additional search contexts for the new LDAP server, then click OK. 
Exit the iFolder Management Console. 


Modify the LdapHost directive in the httpd_ifolder_unix.conf file to point to the new LDAP 
server. 


9a Open the /etc/opt/novell/ifolder/httpd_ifolder_unix.conf file in a text editor. 


9b Replace the current setting of the LdapHost directive with the IP address or DNS name 
of the new LDAP server. 


9c Save the file. 


10 Restart iFolder. 


10a To stop the iFolder server gracefully, at the server console, enter 
/etc/init.d/novell-httpd stop 


10b To start the iFolder server, at the server console, enter 
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etc/init.d/novell-httpd start 


11 To verify the new User LDAP server settings, if you are not logged in, go to the iFolder 
Management Console, click Global Settings, enter your administrator username and 
password, then click login. For details, see “Logging In to the iFolder Management Console” 
on page 90. 


The iFolder Management Console opens to the Global Settings > General Information page, 
which shows the current LDAP settings for the iFolder server. 


Replacing a User LDAP Server for the iFolder System 


If you have multiple User LDAP server resources available to your iFolder server, you can add or 
delete User LDAP resources from the list, as needed, within the 1 to 8 User LDAP servers allowed. 
However, if you have a single User LDAP server as a resource for your iFolder server and need to 
replace it with a different User LDAP server, you must add the new LDAP server before you delete 
the existing User LDAP server from the User LDAP resources for the server. 


4 Add the new User LDAP server to your iFolder server. For information, see “Adding a User 
LDAP Server to the iFolder System” on page 124. 


2 Delete the old User LDAP server from your Linux-based iFolder 2.1.2 server. For 
information, see “Deleting a Single User LDAP Server from the iFolder System” on page 126. 


Replacing a User LDAP Server for the Linux-Based iFolder 2.1.2 
Server 


If you have multiple User LDAP server resources available to your iFolder server, you can add or 
delete User LDAP resources from the list, as needed, within the 1 to 8 User LDAP servers allowed. 
However, if you have a single User LDAP server as a resource for your iFolder server and need to 
replace it with a different User LDAP server, you must add the new LDAP server before you delete 
the existing User LDAP server from the User LDAP resources for the server. 


To replace a User LDAP server on your Linux-based iFolder 2.1.2 server: 


4 Add the new User LDAP server to your Linux-based iFolder 2.1.2 server. For information, 
see “Adding a User LDAP Server for a Linux-Based iFolder 2.1.2 Server” on page 124. 


2 Delete the old User LDAP server from your Linux-based iFolder 2.1.2 server. For 
information, see “Deleting a Single User LDAP Server from the iFolder System” on page 126. 


Deleting a Single User LDAP Server from the iFolder System 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Click Global Settings > User LDAPs. 

The User LDAPs page lists the existing LDAP servers you have identified to iFolder. 
3 Click the link for the LDAP server that you want to delete. 

This opens the management page for the individual LDAP server. 


4 Click Delete. 
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This removes the LDAP objects that are associated with the selected LDAP server from the 
LDAP directory. Its LDAP objects can no longer be managed through the iFolder 
Management Console. 


Deleting All User LDAP Servers from the iFolder System 


1 Ifyou are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Click Global Settings > User LDAPs. 
The User LDAPs page lists the existing LDAP servers you have identified to iFolder. 
3 Click Delete All. 


This removes the LDAP objects that are associated with all of the LDAP servers from the 
LDAP directory. The LDAP objects can no longer be managed through the iFolder 
Management Console. You must add LDAP servers to the list so that iFolder can authenticate 
users. 


Using Clear Text or SSL Connections to the User LDAP Server 


Select Port 389 if you want to use LDAP without SSL encryption or if your LDAP server does not 
support SSL. Port 389 is also a good choice if iFolder and LDAP are running on the same server. 
Because no communication or data is being transferred across network connections, no encryption 
is necessary. 


IMPORTANT: If you select Port 389, the LDAP Group object must be marked to allow clear text passwords, 
using your LDAP server management tool. 


Select Port 636 if you want to use SSL, which provides your network with encryption and security 
when data is transferred across network connections. SSL requires a Root Certificate. 


If you select Port 636, make sure you have previously copied the LDAP trusted root certificate 
(rootcert.der file) from your LDAP server to a directory on your iFolder server. For example, in 
NetWare, copy the file from LDAP server’s sys:\public directory to an ¡Folder server's sys:\public 
directory. If you use port 636, you must enter the path to the directory on your iFolder server where 
you copied the rootcert.der file. 


When you add a secure LDAP server to your ¡Folder system, the root certificate is copied into an 
attribute of the iFolderSettings class on the Global Settings LDAP. 
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Monitoring Your iFolder System 


The System Monitoring task of the Novell® iFolder® Management Console lists general 
information about the User LDAP servers and iFolder servers in your iFolder system. It also allows 
you to temporarily pause and resume synchronization services for an iFolder server. 


This section discusses the following: 
+ “Accessing the ¡Folder System Monitoring Tool” on page 129 
+ “Monitoring User LDAP Server Status” on page 130 
+ “Monitoring ¡Folder Server Status” on page 130 
¢ “Stopping Synchronization between ¡Folder Servers and Clients” on page 131 


+ “Debugging Synchronization Activity on Your ¡Folder Server” on page 131 


Accessing the ¡Folder System Monitoring Tool 


4 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 Click System Monitoring in the tool bar. 
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Figure 29 Example of (Folder System Monitoring 


iFolder 
Management 


[ta] Novell. 
User: Administrator (Master LDAP) 


System Monitoring 


LDAP Name IP or DNS Name Status 


iFolder_Idap01 melplex. melift.com OK 


iFolder Server Name | IP or DNS Name Status User Accounts | Current Users ales G G 
iFolder_server01 ; AAA: 
(default) melcpq.melift.com | OK 3 0 0 34265 MB | 01:03:31:08 
iFolder_server02 melplex. melift.com | OK 1 0 0 11266 MB | 01:03:50:17 
¡Folder Server: [an +] _ Stop Sync | 


Note: After Stop Synchronization you must Stop and then Start the World Wide Web Publishing Service on your IIS iFolder 
Server. 


Monitoring User LDAP Server Status 


For each user LDAP server, the system reports the following: 
+ LDAP Name: The host name of the user LDAP server. For example, iFolder_Idap01. 


+ IP Address or DNS Name: The IP address or DNS name of the user LDAP server. For 
example, ldap1.your-domain-name.com or 192.168.1.1. 


+ Status: The current operational status of the user LDAP server, either OK (up and running) 
or No (down). 


Monitoring ¡Folder Server Status 


For each ¡Folder server in your ¡Folder system, ¡Folder reports the following: 
+ ¡Folder Server Name: The host name of the ¡Folder server. For example, iFolder_server01. 


+ IP Address or DNS Name: The IP address or DNS name of the ¡Folder server. For example, 
nifl .your-domain-name.com or 192.168.1.1. 


+ Status: The current operational status of the ¡Folder server, either OK (up and running) or No 
(down). 


+ User Accounts: The number of user accounts currently assigned to the ¡Folder server. 
+ Current Users: The number of users currently connected to the ¡Folder server. 


+ Current Sessions: The number of concurrent connections currently made between user 
workstations and the ¡Folder server. This might be more than the number of current users 
because a user might have multiple workstations synchronizing to a single user account. 
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+ Disk Space Available: The amount of disk space that is available on the ¡Folder user data 
volume that is not currently in use. 


+ Server Up Time: The elapsed time between the last server start time and the current time, that 
is, the amount of time the iFolder server has been up and running. 


Stopping Synchronization between iFolder Servers and Clients 
You have the option to halt automatic synchronization between a specific ¡Folder server and its 
iFolder clients. 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Click System Monitoring in the tool bar. 


3 Select the server from the iFolder server drop-down list. 
4 Click Stop Sync. 
5 If you are using IIS, stop and start the Web server to put this change into effect. 


Reverse this process to resume synchronization services. 


Debugging Synchronization Activity on Your iFolder Server 


You can view a log of synchronization activity on your Novell iFolder servers to help debug 
problems. 


To enable or disable logging: 


1 If you are not logged in, go to the ¡Folder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the ¡Folder Management Console” on page 90. 


2 From the ¡Folder Management Console, click Global Settings > Global Policies. 
3 Click Display Server Policies. 


4 Check the Debug Output check box to enable logging. Uncheck the Debug Output check box 
to disable logging. 


5 Click Update Server Policies. 


To view the log, use one of the following methods, depending on the server operating system and 
the version of iFolder you use: 


+ “Using Debug Output in ¡Folder 2.1.x for NetWare Servers” on page 132 

+ “Using Debug Output in ¡Folder 2.1 for Windows 2000 Servers” on page 132 

+ “Using Debug Output in ¡Folder 2.1 for Linux Servers” on page 132 

+ “Using Debug Output in ¡Folder 2.1.2 for Enterprise Linux Servers” on page 133 
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Using Debug Output in iFolder 2.1.x for NetWare Servers 


You can view all of the synchronization activity on each NetWare server when you click Debug 
Output. The log information is output to the Apache screen located on each iFolder server. 


Using Debug Output in iFolder 2.1 for Windows 2000 Servers 


1 Create a logs directory at c:\inetpub\wwwroot\iFolder\DocumentRoot. 


2 In the Windows Registry, go to 
HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\iFolderServer, 
then add the following line: 


ifolderserverlogging c:\inetpub\wwwroot\iFolder\DocumentRoot\logs\index.html 


3 To access the log, in a Web browser, enter the DNS name or IP address of your ¡Folder server, 
followed by the directory and filename. 


For example, http://nif1. your-domain-name.com/logs/index.html, where nifl .your-domain- 
name.com is the actual DNS name or IP address of your ¡Folder server. 


Using Debug Output in iFolder 2.1 for Linux Servers 


1 To set permissions for the logs directory to allow Apache to create and write a file for logging, 
at the server console prompt, enter the following command: 


chmod 760 /usr/local/apache2/ifolder/DocumentRoot/logs 


2 Edit the /usr/local/apache2/¡FolderServer/httpd_ifolder_unix.conf file by adding the 
following directive to the end of the Virtual Hosts sections for both port 80 and port 443: 


iFolderServerLogging “/usr/local/apache2/ifolder/DocumentRoot/logs/index.html” 


This allows ¡Folder to create the index.html file in the /usr/local/apache2/ifolder/ 
DocumentRoot/logs directory and to write the synchronization activity for the ¡Folder server 
to it. 


3 Restart your Apache server by entering the following commands at the server console: 
/etc/init.d/httpd stop 
/etc/init.d/httpd start 

4 To access the ¡Folder log, do one of the following: 


+ In your Web browser, enter the DNS name or IP address of your ¡Folder server, followed 
by the directory and filename. 


For example, go to the URL http://nif1 .vour-domain-name.com/logs/index.html, where 
nifl .your-domain-name.com is the actual DNS name or IP address of your ¡Folder server. 


+ At the server console, enter 
tail -f pathandfilename 


For example, 


tail -f /usr/local/apache2/ifolder/DocumentRoot/logs/index.html 
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Using Debug Output in iFolder 2.1.2 for Enterprise Linux Servers 


1 To create and set permissions for a directory where the log file resides, at the server console 
prompt, enter the following commands: 


mkdir /var/opt/novell/ifolder/DocumentRoot/logs 


chmod 760 /var/opt/novell/ifolder/DocumentRoot/logs 


chown novlwww /var/opt/novell/ifolder/DocumentRoot/logs 


2 Edit the /etc/opt/novell/ifolder/httpd_ifolder_unix.conf file by adding the following directive 
to the end of the file: 


iFolderServerLogging “/var/opt/novell/ifolder/DocumentRoot/logs/index.htm1” 


This allows iFolder to create the index.html file in the /var/opt/novell/ifolder/DocumentRoot/ 
logs directory and to write the synchronization activity for the iFolder server to it. 


3 Restart your Apache server by entering the following commands at the server console: 


/etc/init.d/novell-httpd stop 


/etc/init.d/novell-httpd start 


4 To access this information, do one of the following: 


+ 


In your Web browser, enter the DNS name or IP address of your iFolder server, followed 
by the directory and filename. 


For example, go to the URL http://nif1.your-domain-name.com/logs/index.html, where 
nifl.your-domain-name.com is the actual DNS name or IP address of your ¡Folder server. 


At the server console, enter 


tail -f pathandfilename 


For example, 


tail -f /var/opt/novell/ifolder/DocumentRoot/logs/index.html 
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Generating Reports for Your iFolder System 


The Reporting option in the Novell® iFolder® Management Console generates statistics about 
your iFolder system, iFolder servers, user LDAP servers, or iFolder user accounts, then displays 
the information in report format. 


This section discusses the following topics: 
+ “Reporting General Information” on page 135 
+ “Reporting iFolder Server Information” on page 136 
+ “Reporting User LDAP Server Information” on page 137 
+ “Reporting ¡Folder User Account Information” on page 137 
+ “Creating Reports” on page 139 
+ “Exporting and Manipulating Reports” on page 139 
+ “Printing Reports” on page 139 


Reporting General Information 


The General Information report displays information about the number of users and the storage 
resources in use on each of the ¡Folder servers in your ¡Folder system. 


Figure 30 Novell iFolder General Information Report 


RYN E Novell. 
User: Administrator (Master LDAP} ig 
Reporting a. 
General Information 

General Info 

iFolder Servers [Total Number of Users [4 

User LDAPs [Total Disk Quota 12000 MB 

User Accounts [Total Disk Space Used 678 MB 


The report includes the following data: 


+ Total Number of Users: The number of usernames provisioned with ¡Folder services that 
have activated a corresponding ¡Folder account. 


+ Total Disk Quota: The sum of all storage space on your ¡Folder system assigned to ¡Folder 
accounts based on all of the individual User Disk Quotas. This represents the maximum 
amount of space on your ¡Folder servers that is currently set aside for storing ¡Folder data. For 
example, 12000 MB. 
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¢ Total Disk Space Used: The sum of all storage space on your iFolder system currently used 
to store iFolder data based on the actual space consumed by all iFolder accounts. This 
represents the actual amount of space on your iFolder servers currently in use by all iFolder 
accounts. For example, 2309 MB. 


Reporting iFolder Server Information 


The iFolder Server report displays information about the operational state of your iFolder servers. 
You can view the information for all iFolder servers or a specified iFolder server in your iFolder 
system. From the Show Information about iFolder Server drop-down list, select All or select a 
specific iFolder server, then click Display. 


Figure 31 Novell iFolder Servers Report 
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The report includes the following data: 
+ ¡Folder Server Name: The host name of the ¡Folder server. For example, iFolder_server01. 


+ IP or DNS Name: The IP address (such as 192.168.1.1) or DNS name (such as nifl .your- 
domain-name.com) of the specified ¡Folder server. 


+ Server Up Time: The elapsed time since the last server reboot. 


+ ¡Folder Server Version: The ¡Folder version running on the specified server. [Version 
number and release date (mm/dd/yy)] 


+ User Accounts: The total number of iFolder accounts assigned to the specified ¡Folder server. 
+ Current Users: The total number of users currently logged in to the specified ¡Folder server. 


+ Current Sessions: The total number of ¡Folder sessions currently active on the specified 
¡Folder server. For example, a user might be logged in from multiple machines concurrently 
to create multiple sessions. 


Each ¡Folder server can support between 5,000 and 10,000 concurrent ¡Folder sessions, 
depending on the CPU, memory, and bandwidth available on the server. 


+ Total Disk Space Used: The total amount of space currently consumed by the all users' 
¡Folder data on the specified ¡Folder server. For example, 12200 MB. 


+ Total Disk Quota: The total of all user disk quotas allocated to the ¡Folder accounts on the 
specified server. For example, 100,000 MB. The maximum disk quota size for an individual 
¡Folder account is 8 TB. 


+ ¡Folder Host OS: The server operating system used by the ¡Folder server. For example, 
NetWare 6.5, Red Hat Linux, or Windows 2000. 
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+ ¡Folder Host Web Server: The Web server that ¡Folder uses to manage user connections and 
to administer iFolder. [Apache Web Server or Microsoft IIS] 


+ User Data: The path to the directory location where all ¡Folder data is stored on the specified 
iFolder server. 


+ Application Root: The path to the directory location where the iFolder application is stored 
on the specified iFolder server. 


Reporting User LDAP Server Information 


Your iFolder system can specify up to 8 user LDAP servers to authenticate iFolder users when they 
log in to the iFolder servers. Use this report to determine how many of the usernames managed by 
a given user LDAP server are associated with existing iFolder accounts. 


Figure 32 Novell iFolder User LDAP Servers Report 


iFolder 


User: Administrator (Master LDAP) 


(ta] Novell. 


Reportin - —— 
ae User LDAPs 
General Info 
¡Folder Servers | LDAP Name [iP or DNS Name Status | LDAP Users | iFolder Users 
User LDAPs | | | | | 
User Accounts |iFolder_Idap01 | melplex.melift.com lok | 10 | 4 
— Export | 


The report includes the following data: 
+ LDAP Name: The host name of the specified LDAP server. For example, iFolder_Idap01. 


+ IP or DNS Name: The IP address (such as 192.168.1.1) or DNS name (such as Idap1.your- 
domain-name.com) of the specified LDAP server. 


+ Status: The current availability of the specified user LDAP server. [OK or No] 


+ LDAP Users: The total number of all network usernames authenticated by the specified user 
LDAP server. 


¢ iFolder Users: The total number of iFolder user accounts authenticated by the specified user 
LDAP server. 


Reporting iFolder User Account Information 


The iFolder User Account report displays information about the iFolder accounts on all servers in 
your iFolder system or about the iFolder accounts assigned to a specific iFolder server. Use this 
report to view a list of users by iFolder server, statistics about the storage and bandwidth consumed 
by an iFolder user account, and which user accounts use encryption versus clear text for data 
transfers between workstations and the iFolder server and while stored on the iFolder server. 


You can view the iFolder user accounts information for all iFolder servers or a specified iFolder 
server in your iFolder system. From the Show User Accounts on iFolder Server drop-down list, 
select All or select a specific iFolder server, then click Display. 
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Figure 33 Novell iFolder User Accounts Report 
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Reporting 
General Info 
iFolder Servers > 
PA Show user accounts on iFolder server |All +] 
User LDAPs 
Displa: Export 
User Accounts a | 
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The report includes the following data: 
+ User Name: The user's username associated with the ¡Folder account. For example, acatt. 
¢ iFolder Server: The host name of the iFolder server. For example, iFolder_server01. 


+ Used Space: The total amount of space currently consumed by the user's ¡Folder data on the 
iFolder server. For example, 235 MB. 


+ Quota: The current user disk quota allocated to the ¡Folder account. For example, 500 MB. 
The maximum disk quota size for an iFolder account is 8 TB. 


+ Last Sync: The time stamp of the last synchronization of iFolder data. [MMM dd yyyy 
hh:mm:ss] (month, day, year, hours, minutes, and seconds) 


¢ Directories: The total number of directories (including subdirectories) in the user's iFolder 
directory. 


iFolder supports up to 32,765 directories within a user’s iFolder directory. If the user exceed 
this number, iFolder stops writing to the local iFolder directory and data loss is likely. Typical 
iFolder users are unlikely to exceed this upper limit with normal use. However, you should 
monitor use to alert users if they are approaching this limit. 


+ Upload: The the total amount of the ¡Folder data uploaded from the user's workstation to the 
iFolder server since the account was activated. 


An individual file must be smaller than 4 GB to be synchronized with iFolder. The smallest 
data transfer is a 4 KB block of data. 


+ Download: The the total amount of the ¡Folder data downloaded from the ¡Folder server to 
the user's workstation since the account was activated. 


An individual file must be smaller than 4 GB to be synchronized with iFolder. The smallest 
data transfer is a 4 KB block of data. 


¢ Encryption: Indicates whether encryption is enabled for the iFolder account. [Blowfish or 
No] 
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Creating Reports 


1 Ifyou are not logged in, go to the iFolder Management Console, click Global Settings, enter 
your administrator username and password, then click login. For details, see “Logging In to 
the iFolder Management Console” on page 90. 


2 Click Reporting L in the tool bar. 
3 Do one of the following: 
+ General Info: Click General Info. 


+ ¡Folder Servers: Click ¡Folder Servers. From the Show Information about iFolder Server 
drop-down list, select All or select a specific iFolder server, then click Display. 


+ User LDAPs: Click User LDAPs. Click View Report, or right-click the link for an option 
to save the report. 


+ User Accounts: Click User Accounts. From the Show User Accounts on ¡Folder Server 
drop-down list, select All or select a specific iFolder server, then click Display. 


Exporting and Manipulating Reports 


1 Create a report. For information, see “Creating Reports” on page 139. 
2 Click Export. 


3 Specify a name for the HTML file and a location where you want to save the file, then click 
Save. 


4 Import the data into a spreadsheet application where you can create reports, graphs, and other 
visual presentations. 


Printing Reports 
To print the iFolder report as displayed on the Web page, use the print feature of your Web browser. 


For different formats, you must export the data and reorganize the data, using a spreadsheet 
application. 
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In-Depth Look at Authentication, Encryption, 
and Synchronization 


This section gives you an in depth view of how Novell® iFolder® 2.1 authentication, encryption, 
and synchronization work. For an overview, see Chapter 2, “Understanding the Novell ¡Folder 
Architecture,” on page 19. 


After the ¡Folder software is installed and configured, users can download and install the ¡Folder 
client. For installation instructions, see the Novell ¡Folder Ouick Start. 


Before a user can use ¡Folder on his local workstation, the administrator must enable the user’s 
User object in the ¡Folder Management Console. You can control who is authorized to have an 
¡Folder account by enabling User objects or, in other words, by giving those users authority to 

create and use ¡Folder accounts. 


iFolder accounts are initialized the first time a provisioned user logs in to the ¡Folder server, using 
the ¡Folder client, the ¡Folder Web site Login (Java applet or NetStorage), or NetDrive. After a user 
account is initialized, the ¡Folder administrator manages it through the ¡Folder Management 
Console. 


As users begin to populate their ¡Folder directories with data, the ¡Folder client supports automatic 
synchronization. Users can install the ¡Folder client on multiple workstations, which allows them 
to move between computers and locations easily, knowing their data is always secure, backed up 
on the network, and following them in its electronic footsteps so that the latest copy of their data 
is available from any location and at any time. 


Authentication and Encryption 


The ¡Folder client talks to the ¡Folder server over HTTP port 80, which is a clear text, unencrypted 
port. Data requests that are exchanged between the ¡Folder client and ¡Folder server are never 
encrypted. However, the username and password are always encrypted. Novell ¡Folder encrypts 
the data over the connection and while the file is on the ¡Folder server only if the user selects the 
encryption option at the time the account is initialized or if the ¡Folder administrator enforces the 
encryption option from the iFolder Management Console. 


iFolder uses RSA encryption to encrypt the username and password and Blowfish encryption to 
encrypt the user data when it travels between the iFolder client and server. If data encryption is 
enabled, the data is actually encrypted as it travels across the wire to the iFolder server and is stored 
in its encrypted state on the iFolder server. However, the data is never stored encrypted on the local 
workstation. 


When a user logs in, the iFolder client authenticates to the iFolder server by sending the encrypted 
username and password to the iFolder server. The iFolder server uses the user ID and password to 
perform an LDAP bind to an LDAP server. After the LDAP bind is successful, LDAP verifies that 
the user is connected to the correct iFolder server. If the user is on a different server, his request is 
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directed to the correct server. iFolder uses the LDAP server to store its configuration settings and 
to specify what iFolder server the user is assigned to; this is how iFolder handles redirection. 


When iFolder is installed and the Admin logs in to the iFolder Management Console, the Global 
Settings LDAP schema is extended and the following LDAP objects are added: 


+ iFolderLDAP 

¢ iFolderServer 

+ iFolderServerAgentObject 
¢ iFolderSettings 


For more information on the attributes associated with these objects, see “Logging In to the iFolder 
Management Console” on page 90. 


Synchronization 


After the initial login via the iFolder client, a user can begin to add files to his local iFolder 
directory, and automatic synchronization begins. The iFolder client is always aware of any local 
activity and, based on the synchronization preferences chosen by you or the user, the iFolder client 
regularly asks the iFolder server for a download of any new data. After the iFolder server 
downloads the data, it uploads any updates from the iFolder local directory. When the user 
accesses his account from a different computer, the iFolder server first downloads any updates 
before uploading the iFolder client changes. 


Every time the iFolder client logs in to the iFolder server, it compares filemaps (metadata that 
describes information about the actual file in your local iFolder) and dirmaps (metadata 
information on your local iFolder directory) between itself and the iFolder server. Filemaps and 
dirmaps are located on the local workstation at c:\program files\novell\iFolder\username\home. If 
discrepancies are found between the filemaps and dirmaps, the iFolder client first downloads the 
new files from the server and then uploads any new local files. When files are uploaded or 
downloaded between the iFolder server or client, only the changes, not the whole file, are sent on 
a4 KB block level across the wire. This results in fast download and uploads times, even at slower 
modem speeds. 


IMPORTANT: There are some applications that rewrite the complete file regardless of how minor the change. 
Microsoft Word, for example, behaves like this. Thus, if the application that you are using completely rewrites 
the file, iFolder will recognize it as 100% new content and synchronize the whole file. 


The iFolder server then receives these new files and adds them to its sync index, which lists the 
current state of the file system. The iFolder sync index is very small, consisting of only four bytes. 


Whenever the sync indexes match between the iFolder server and the client, iFolder knows that no 
changes have been made. When that same user logs in from another workstation, the iFolder client 
compares its sync index to the iFolder server’s sync index and then downloads any changes. All 
along, the iFolder client is monitoring the file system and caching any changes. If there is a conflict 
between files, iFolder uses time stamps to resolve it. The newest time stamp wins and the old file 
is placed in the Conflict Bin, accessed through the iFolder system tray menu on the local 
workstation. For more information about the Conflict Bin, see “Using the Conflict Bin” on 

page 117. 
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Coexistence and Migration Issues 


One of the top priorities in designing Novell® Open Enterprise Server (OES) was to ensure that 

new OES components, running on either NetWare® or Linux, can be introduced into an existing 
network environment without disrupting any of the products and services that are in place. It was 
also deemed important that there be a clear migration path for moving existing products or services 
and related data onto the OES platform. 


This chapter discusses the issues involved in the coexistence and migration of the DNS server in 
OES. It is divided into the following sections: 


+ “Coexistence” on page 143 


+ “iFolder 2.x Migration Issues” on page 144 


For a general discussion of coexistence and migration issues in OES, see the OES Coexistence and 
Migration Guide 


Coexistence 


This section provides information regarding the coexistence of NetWare 6.5 ¡Folder server with 
SUSE® LINUX Enterprise Server. 


Compatibility 


The following table summarizes the compatibility of ¡Folder server with various network 
operating systems. 


NetWare Operating System NetWare 6.5 (SP1 or later) 


Linux Operating System SUSE LINUX Enterprise Server 9 (SP 1) 


Coexistence Issues 


The following issues are seen when there are several ¡Folder servers running on different OS under 
same tree: 


¢ Installation of ¡Folder 2.x server on Linux automatically creates an iFolder_serverxx object 
for that server in the tree. But on installation of ¡Folder 2.x server on NetWare, the 
administrator needs to manually create the ¡Folder _serverxx object for NetWare ¡Folder 
server. For manual creation of the iFolder_serverxx object go to ¡Folder Management Console 
> Global Settings > iFolder Servers > Add. For additional details, refer to “Configuring 
iFolder on Additional Servers” on page 98 


¢ User information of iFolder accounts created on an iFolder Linux server can be only accessed 
from the (Folder Management Console running on that server. A "Redirection failed!!." error 
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is displayed if you try to access the user information for an ¡Folder user whose account is on 
a Linux server different from the one on which ¡Folder Management Console is running. 


iFolder 2.x Migration Issues 


This section provides information on how to migrate a previous installation of iFolder 2.x to a 
server running Novell® Open Enterprise Server (OES). 


Migration Tools 
+ NetWare Migration Wizard 8.0 
+ Novell Server Consolidation Utility 4.0 


Recommended Procedure for NetWare-to-NetWare Migrations 


You can use either the NetWare Migration Wizard or the Server Consolidation Utility to migrate 
¡Folder data from a NetWare source server to an OES NetWare destination server. 


+ The NetWare Migration Wizard is used when you are performing a server hardware upgrade 
at the same time as you migrate the data. After the migration, the new server replaces the old 
server and assumes its server name and IP address. 


+ The Server Consolidation Utility is used to copy ¡Folder data from an old NetWare server to 
an existing OES NetWare server. The old server can continue to exist and retains its server 
name and IP address. 


Follow the instructions below for the type of migration you require. 


¡Folder Migration Using NetWare Migration Wizard 


1 Follow the steps in the NetWare Migration Wizard 8.0 documentation (http:// 
www.novell.com/documentation/migwiz80) to migrate data from NetWare 5 or NetWare 6. 


In preparation for the migration, you will install a new OES NetWare server using the Pre- 
Migration Server pattern. This is your destination server. 


1a As you model your migration project, drag and drop the ¡Folder data directory from the 
source server to the destination server. 


The ¡Folder data directory is the value of the ‘iFolderUserRoot’ in the ¡Folder 
configuration file sys:\apache2\iFolder\server\httpd_ifolder_nw.conf. 


You can locate the iFolder directory anywhere you like on the destination server. 


In the Copy File System Data step, the dropped directories are copied to the destination 
server according to your migration project model. 


1b Complete the server migration procedure as outlined in the NetWare Migration Wizard 
documentation. 


When the migration is complete, the old server is brought down and the new OES 
NetWare server takes its place. 


2 After the destination server is up and running, install iFolder on the destination server and 
provide the path of the migrated iFolder data directory as an install parameter for the iFolder 
data folder. 


NOTE: For fully functional iFolder, install iManager 2.5 and NetStorage. 


144 Novell iFolder 2.1 Installation and Administration Guide 


Novell Confidential 


Manual (ENU) 21 December 2004 


3 Start iFolder. 


iFolder Migration Using the Server Consolidation Utility 


1 Install a new OES NetWare server as your destination server for the ¡Folder data. 


See the OES for NetWare Installation Guide (http://www.novell.com/documentation/oes/ 
install-nw/data/hz8pck9v.html) for server installation instructions. 


Follow the instructions in the Server Consolidation Utility 4.0 documentation (http:// 
www.novell.com/documentation/servercon40) to copy the necessary ¡Folder data from the 
source server to the destination server. 


2a As you model your consolidation project, drag and drop the iFolder data directory from 
the source server to the destination server. 


The ¡Folder data directory is the value of the ‘iFolderUserRoot’ in the ¡Folder 
configuration file sys:\apache2\iFolder\server\httpd_ifolder_nw.conf. 


You can locate the iFolder directory anywhere you like on the destination server. 


In the Run the Consolidation step, the dropped directories are copied to the destination 
server according to your consolidation project model. 


2b Complete the server consolidation procedure as outlined in the NetWare Migration 
Wizard documentation. 


Install iFolder on the destination server and provide the path of the migrated iFolder data 
directory as an install parameter for the iFolder data folder. 


Modify the iFolder_Idapxx and iFolder_serverxx objects for the source server to contain the 
IP address of the destination server. Modify the iFolderLDAPDNSorIP attribute of the 
iFolder_ldapxx object and the attributes iFolderServerDNSorIP and 
iFolderServerSecureDNSorIP of the iFolder_serverxx object for the source server to contain 
the DNS or IP address of the destination server .This can be done using ¡Manager or 
ConsoleOne®. 


5 Start iFolder. 


Post-Migration Issues 


After the iFolder migration, NetStorage users are prompted to enter their passphrase. 
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Upgrading from iFolder Standard Edition to 
¡Folder 2.1 


The Novell® iFolder® 2.1 server installation supports upgrading from Novell iFolder Standard 
Edition (1.x) in the install program for all operating systems that have valid upgrade paths. For 
information about valid upgrade paths, see “Upgrade Scenarios for iFolder” on page 26. 


IMPORTANT: You might need to follow a manual upgrade process if you have a large number of users who 
have extended characters in their passphrases. You must also follow special precautions if you decide to 
concurrently use both iFolder 1.x and iFolder 2.1 systems. 


This section discusses the following: 
+ “Conflict in the Passphrase Storage Method between ¡Folder 1.x and ¡Folder 2.1” on page 147 
+ “Upgrading Manually from iFolder 1.x to ¡Folder 2.1” on page 147 


+ “Compatibility Issues between ¡Folder Client and Server Versions” on page 148 


Conflict in the Passphrase Storage Method between ¡Folder 1.x and 


¡Folder 2.1 


If you have a large number of users who have extended characters in their passphrases, do not use 
the automatic uninstall function in the ¡Folder server installation program. Instead, manually 
uninstall the ¡Folder 1.x from your system and install the ¡Folder 2.1 version. 


In a direct upgrade, the ¡Folder 2.1 client will not recognize the passphrase used by the ¡Folder 1.x 
client because the two clients use different formats for storing the encryption passphrase. The 
¡Folder 1.x client uses an ANSI hash and the ¡Folder 2.1 client uses a Unicode* format. Whenever 
a user attempts to access an ¡Folder account through the Java applet, the login will fail and return 
a message prompting the user to contact the ¡Folder administrator to change the passphrase. 


To avoid this problem, first uninstall ¡Folder 1.x and remove the user accounts from your existing 
¡Folder server. Then, install iFolder 2.1 on your server. 


After installing and configuring the ¡Folder 2.1 server, the users must install the ¡Folder 2.1 client 
on their workstations and log in to the iFolder server. The initial iFolder client login will prompt 
the users to enter a new passphrase. They can enter the old passphrase if they want to, because 
iFolder doesn’t need a new passphrase; it simply needs to store the passphrase in a format that it 
can recognize. 


By manually uninstalling ¡Folder 1 x and installing ¡Folder 2.1, you avoid the time-consuming task 
of manually removing each user account as the users report that they cannot log in. 


Upgrading Manually from iFolder 1.x to iFolder 2.1 


4 Stop the ¡Folder service or the Web server service on the server that you are going to upgrade. 
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2 Uninstall iFolder Standard Edition on the server that you want to upgrade. 
3 Install iFolder 2.1, using one of the following methods. 


+ NetWare: Follow the instructions in Chapter 4, “Installing iFolder 2.1 on NetWare,” on 
page 33. 


+ Windows 2000: Follow the instructions in “Installing ¡Folder on Windows/IIS/ 
eDirectory” on page 39. 


+ Red Hat Linux 8: Follow the instructions in “Installing iFolder 2.1 on Red Hat Linux 8” 
on page 47. 


4 If LDAP is running on the same server that holds your User objects, no additional LDAP 
configuration is required, and you can skip to Step 5 on page 148. 


However, if your LDAP server does not contain your User objects, do either of the following: 


+ Inthe iFolder Management Console, add your user contexts to your settings for the User 
LDAP directory. 


To do this, log in to the Global Settings section of the ¡Folder Management Console, click 
User LDAPs, click the server name you are upgrading, enter the context of your User 
objects, then click Update. 


+ Add the LDAP directory that contains your User objects in the ¡Folder Management 
Console. 


To do this, log in to the Global Settings section of the ¡Folder Management Console, then 
click User LDAPs. 


For instructions, see “Managing User LDAP Servers” on page 123. 
5 In the iFolder Management Console, click Global Settings > iFolder Servers. 
6 Select the server you just upgraded to iFolder 2.1. 
7 Click Upgrade. 


This will assign the iFolder attribute to the iFolder users on the server that you just upgraded. 
This attribute authorizes your iFolder users to access the upgraded iFolder server. 


8 After installing iFolder 2.1 server, have the users install the iFolder 2.1 client on their 
workstations and log in to the iFolder server. The initial iFolder client login will prompt the 
users to enter a new passphrase. They can enter the old passphrase if they want to, because 
iFolder doesn’t need a new passphrase; it simply needs to store the passphrase in a format that 
it can recognize. 


For additional information: 


¢ Installing iFolder on Additional Servers: See “Configuring iFolder on Additional Servers” 
on page 98. 


+ Managing iFolder: See “Accessing ¡Folder Web Interfaces” on page 85. 


Compatibility Issues between iFolder Client and Server Versions 


The iFolder 2.1 client cannot access an iFolder 1.x server; similarly, an iFolder 1.x client cannot 

access an iFolder 2.1 server. If you have multiple iFolder versions available in your environment, 
make sure your users have the right client software for accounts located on different servers. Make 
sure the users understand that they must access the iFolder server with the correct version of the 

iFolder client. For example, use the iFolder 2.1 client to access files on an iFolder 2.1 server. 
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Configuring iFolder on Novell Cluster Services 


This section discusses how to configure Novell® iFolder® 2.1 on Novell Cluster Services™. It 
discusses the following topics: 


+ “References for Setting Up Clusters on NetWare” on page 149 
+ “Configuring an ¡Folder Server Cluster on NetWare 5.1 and 6.0” on page 149 
+ “Configuring an ¡Folder Server Cluster on NetWare 6.5 and Later” on page 151 


References for Setting Up Clusters on NetWare 


Before you configure Novell iFolder 2.1 on Novell Cluster Services (NCS), you should have a 
basic understanding of how NCS works. The information in this section outlines only the basic 
steps for setting up Novell Cluster Services. 


Consult the following references for setting up a cluster on NetWare®: 


+ NetWare 5.1: Novell Cluster Services Overview and Installation Guide for NetWare 5.1 
(http://www.novell.com/documentation/lg/ncs) 


+ NetWare 6: Novell Cluster Services Overview and Installation Guide for NetWare 6.0 (http:/ 
/www.novell.com/documentation/lg/ncs6p/index.html) 


NetWare 6.5: Novell Cluster Services 1.7 Administration Guide 


NOTE: Novell Cluster Services runs only on NetWare software. 


Configuring an iFolder Server Cluster on NetWare 5.1 and 6.0 


In NetWare 5.1 and 6.0, the iFolder 2.1 server software resides and runs on the primary server. 
Each server node must have its own copy of the software. 


To configure Novell iFolder on Novell Cluster Services: 
1 Install iFolder on all NetWare servers in the cluster that you want to run iFolder. 
See Chapter 4, “Installing iFolder 2.1 on NetWare,” on page 33. 
2 Stop the iFolder service on one of your iFolder servers in the cluster. 
This will be your passive-standby iFolder server that iFolder will fail over to. 
3 Create an NSS volume to use as the central repository of iFolder user accounts and data. 


The size of this volume will vary, based on the number of iFolder users you plan to support 
and the storage quota allocated per user. 


Do one of the following: 
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+ NetWare 5.1 Support Pack 5: Create a Novell Storage Service (NSS) volume on your 
shared storage disk system, commonly referred to as a storage area network or SAN. 


+ NetWare 6 or later: Create an NSS volume on a pool. If a pool already exists, make sure 
there is enough space on the pool for the NSS volume that you plan to make. 


4 Enable the NSS volume for clustering by assigning an IP address or DNS name to the cluster- 
enabled volume. 


Do one of the following: 


+ NetWare 5.1 Support Pack 5: Enable clustering on the NSS volume that you created in 
Step 3 on page 149. 


+ NetWare 6.0 or later: Enable clustering on the pool you created in Step 3 on page 149. 
(Enabling clustering on the pool automatically enables clustering on its NSS volume.) 


Remember the IP address of the user-database volume; you will need it in Step 6 on page 150. 


5 Create a directory on the cluster-enabled volume where you want to store the iFolder user 
database. 


6 On one of the active iFolder servers in the cluster, edit the 
sys:\apache\ifolder\server\httpd_additions_nw.conf file to set parameters for the LDAP Host, 
iFolderServerRoot, and Virtual Host. The parameters must be modified in the listings for the 
unsecured port (usually Port 80) and for the secured port (usually Port 443). 


Modify the following parameters: 


+ LDAP Host: Set this (for Port 80 and Port 443) to the DNS name or IP address (such as 
Idap1.your-domain-name.com or 192.168.1.1) that you assigned to the cluster-enabled 
volume in Step 4 on page 150. 


+ iFolderServerRoot: Set this (for Port 80 and Port 443) to the directory that you created 
on the cluster-enabled volume in Step 5 on page 150. 


For example, if your cluster-enabled volume was called sharedvol and you had created a 
folder on that volume called nifdir, you would set the iFolderServerRoot to 
sharedvol:\nifdir. 


¢ Virtual Host: Set this (for Port 80 and Port 443) to the DNS name or IP address (such as 
Inifl .your-domain-name.com or 192.168.1.1) that you assigned to the cluster-enabled 
volume in Step 4 on page 150. 


When you are finished, save your edits. 


7 Copy the edited httpd_additions_nw.conf file to the passive-standby ¡Folder server that you 
set up in Step 2 on page 149. 


8 Ona different active ¡Folder server in the cluster, edit the 
sys:\apache\ifolder\server\httpd.conf file to set parameters for the Listen, ServerName, and 
SecureListen. 


Modify the following parameters: 


+ Listen: Set this parameter to the IP address or DNS name of the cluster-enabled volume 
by either adding a new Listen parameter or modifying an existing one. 


+ ServerName: By default, this parameter displays the IP address of the server. Replace 
this IP address with the IP address or DNS name of the cluster-enabled volume. 


+ SecureListen: Change the IP address in the SecureListen ipaddress SSL CertificateIP 
parameter to the IP address or DNS name of the cluster-enabled volume. 
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When you are finished, save your edits. 


9 Copy the edited httpd.conf file to the passive-standby iFolder server that you set up in Step 2 


on page 149. 


10 Turn off the automatic start on reboot of iFolder on the member servers in the cluster by 


editing the autoexec.ncf file on the following iFolder servers in the cluster: 
+ The iFolder server that you chose to be the passive standby server in Step 2 on page 149. 


+ The iFolder server where you modified the httpd_additions_nw.conf file in Step 7 on 
page 150. 


+ The iFolder server where you modified the httpd.conf file. 


To modify the autoexec.ncf file, comment out the startifolder line. Adding a pound sign (#) in 
front of the line makes it a comment line. For example, 


#startifolder 


The startifolder command allows iFolder to start by default when you reboot your server. 
However, when you use iFolder in a clustered environment, iFolder is started by Novell 
Cluster Services. 


11 Verify that the IP address for your cluster volume resource is correct. 


To view the IP address from your workstation, launch ConsoleOne®, browse to your cluster 
container object, right-click the cluster volume resource, then click Properties > IP address. 


12 Set up Novell Cluster Services to start iFolder by default on reboot of the cluster. 


12a In the Properties dialog box, click Scripts > Cluster Resource Load Script. 
12b Add the following command to the end of the existing load script: 


startifolder 


12c Click Apply. 


13 Set up Novell Cluster Services to stop ¡Folder services by default on the server down 


command. 
13a In the Properties dialog box, click Scripts > Cluster Resource Unload Script. 
13b Add the following commands to the beginning of the existing unload script: 
startifolder 
delay 2 
43c Click Apply, then click Close. 


Novell ¡Folder is now configured for Novell Cluster Services. 


Configuring an ¡Folder Server Cluster on NetWare 6.5 and Later 


In a NetWare 6.5 cluster, the Novell ¡Folder server software resides and runs on an external storage 
location shared by all server nodes in the cluster. You only need to install ¡Folder on the first server. 
Copy the software directory and user data directory to the shared location, then update the ¡Folder 
2.1 configuration to support its new location. 


Install NetWare with Apache on each of the other servers in the cluster, using the Basic pattern 
install option. After you install ¡Folder on the first server, copy the Web server instance of Apache 
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that supports iFolder to the shared location, leaving the admin server instance behind. Update files 
on each member server to point to the Web server instance of Apache for iFolder support. 


This solution assumes that any other Web-based applications for this cluster will also reside in the 
cluster’s shared volume and in the same instance of Apache. By default, the iFolder and Basic 
installations do not allow the POSIX Semantic Agent (PSA) module (psa.nss) to load because PSA 
causes problems for iFolder. 


IMPORTANT: You must make sure that any other Web-based applications you want to install on the cluster 
do not load or need the PSA module. 


Non-Web-enabled applications can be installed on servers in the cluster. If you cluster the non- 
Web-enabled applications, they must share the same shared volume that you defined for the 
cluster. However, if they are not clustered, they do not need to use the shared volume. 


This topic discusses the following: 
+ “Preparing to Configure Your iFolder Server Cluster” on page 152 
+ “Configuring Your ¡Folder Cluster Solution” on page 154 


Preparing to Configure Your iFolder Server Cluster 


Prerequisites for Clustering in NetWare 6.5 


Review the prerequisites for the following components of the clustered Novell ¡Folder 
configuration: 


+ Novell ¡Folder 2.1 on NetWare is discussed in Chapter 3, “Preparing to Install ¡Folder 2.1,” 
on page 23. 


+ Novell Cluster Services for NetWare 6.5 is discussed in the Novell Cluster Services 1.7 
Administration Guide. 


Considerations for the Number of Nodes in the Cluster 


Novell Cluster Services alone does not provide load-balancing services between nodes in the 
cluster. Load-balancing cluster solutions require cluster-aware applications or additional external 
hardware. Because Novell ¡Folder 2.1 is not a cluster-aware application, a load-balancing solution 
based on NetWare and the server hardware alone is not possible. Only one server in the cluster 
operates at any given time. 


An active/passive, two-node cluster is the basic fault-tolerant, high-availability solution. You can 
add multiple passive (standby) servers, 1f desired, for increased availability. In an active/passive 
cluster configuration, one server is active and any other nodes serve as a standby servers. If the 
active server goes down, the Novell Cluster Services software handles the graceful failover to the 
next available server in the cluster. 


The failover is transparent to users logged in to ¡Folder server accounts from the ¡Folder clients. 
Users logged in to the ¡Folder server via a Web browser might need to click Refresh to reactivate 
the link to the server. 


Considerations for Storage Media in the Shared-Disk System 


A Novell Cluster Services solution requires a storage-area-network (SAN) configuration to 
support the sharing of devices between multiple member nodes of the cluster. It is also possible to 
configure a two-node cluster, using two servers connected to a single external storage array, but 
this solution does not offer the same type of connection fault tolerance as a SAN. 
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In a shared-disk cluster, a single disk error can cause a volume failure if fault-tolerant measures 
are not used. Novell Cluster Services does not protect against disk and connection faults. 


To add fault tolerance against a single disk failure to the shared-disk system, you can set up the 
devices you plan to use in the cluster as software RAID 1 (mirrored) devices or as software RAID 
5 (striping with parity) devices. Make the software RAID devices sharable for clustering, then 
assign them as devices in the cluster-enabled pool. For information, see ““Using Software RAID 
Devices to Enhance Data Fault Tolerance and Performance ”” in the Novell Storage Services 
Administration Guide for NetWare 6.5. 


To add fault tolerance against a connection failure, NetWare supports multipath I/O to your storage 
devices. You can specify which path to use as the primary path between the server and the device 
for each member server, then specify the failover priority for other paths. For information, see 
“Configuring Multiple Paths for Access Fault Tolerance”” in the Novell Storage Services 
Administration Guide for NetWare 6.5. 


Considerations for Apache Instances 


In Novell iFolder 2.1 and later, iFolder runs as a module on Apache. Any failure of the module 
causes the Apache instance to fail. This means that if you run multiple applications in a single 
instance of Apache, all the applications fail if one application module fails. 


If you plan to run other applications that use Apache on a clustered server, we recommend that you 
install Novell iFolder first in its own instance of Apache. For information on setting up additional 
instances of Apache on a server, consult the Apache Web site (http://www.apache.org). 


Considerations for the LDAP Server Solution 


As discussed in Chapter 3, “Preparing to Install iFolder 2.1,” on page 23, you must install and 
configure at least one LDAP server before you install Novell iFolder. The LDAP server must be 
in the same local tree as the iFolder server. Although you can point iFolder to the master LDAP 
server or a replica, we recommend you point to the master LDAP server. 


During the installation of iFolder on the primary server, you identify the primary LDAP server that 
the iFolder cluster uses. You specify the LDAP server’s address during the iFolder installation. If 
you change the LDAP server address later, you must change it in the iFolder configuration. After 
the cluster configuration is complete, you can add additional LDAP servers to the list to ensure 
fault tolerance. For information, see “Managing User LDAP Servers” on page 123. 


The LDAP service must always be available to iFolder in the event of failover. Typically, the 
LDAP server can be the same server as the ¡Folder server. However, in a clustered ¡Folder 
configuration, the LDAP server should not reside on any of the member nodes in the cluster. For 
example, if you put the LDAP server on the primary server and that server failed over, then the 
LDAP services would no longer be available to a standby server that becomes active. To ensure 
that the LDAP service is available to any of the nodes that might become active, put your LDAP 
service on a server other than the servers in the cluster, then point iFolder to it. 


If you decide to place an LDAP server replica on every member node, the primary iFolder server 
must be the one that the install points to as the LDAP server. After the cluster install, you need to 
perform the following steps: 


1 With the designated primary server active, use the ¡Folder Management Console to set up the 
additional replicas as alternatives to be used in the event of server failover: 


+ To add an ¡Folder LDAP object for each LDAP replica, refer to “Adding a User LDAP 
Server to the iFolder System” on page 124 
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2 Go to the cluster volume nifvol:\apache2\iFolder\server\httpd_ifolder_nw.conf and replace 
LdapHost JP address with LdapHost 127.0.0.1 (This will point to localhost incase of Cluster 
failover). 


3 Restart the iFolder server. 


Configuring Your iFolder Cluster Solution 


To configure Novell iFolder 2.1 on Novell Cluster Services for NetWare 6.5 and later: 


4 On your Domain Name Service (DNS) server, create a Type A Host Resource record with a 
hostname that you want to assign to your virtual iFolder server. The IP address you associate 
with this hostname is the IP address that you want to assign to the virtual server that represents 
the cluster’s shared pool. 


For example, you could associate nif.your-company-name.com as the DNS hostname of the 

virtual iFolder server with 792.168.1.1 as the IP address of the virtual server that represents 

the cluster’s shared pool. Replace nif.your-company-name.com with the actual DNS hostname 
and /92.168.1.1 with the actual IP address for your implementation. 


2 Using the Novell ¡Folder 2.1 pattern install for NetWare 6.5, install ¡Folder on the server that 
you want to be the primary server in the cluster. 


For instructions, see Chapter 4, “Installing iFolder 2.1 on NetWare,” on page 33. 


In Step 8 on page 35, remember to use the iFolder server’s DNS hostname that you assigned 
to the ¡Folder server in Step 1 on page 154. This allows the installation software to write the 
iFolder DNS hostname to the following locations: 


+ The sys:\apache2\ifolder\server\httpd_ifolder_nw.conf file 

+ The Novell ¡Folder client login window 

+ The Java applet for Web-based access to ¡Folder user accounts 

¢ The PDA HTML for Web-based PDA access to ¡Folder user accounts 


IMPORTANT: After the install, the iFolder service is configured and is running. Do not allow users to log 
into the iFolder server to create accounts yet. 


3 On the primary server, stop the iFolder service. To do this, at the server console prompt, enter 
stopifolder 


4 Using the basic install, install NetWare 6.5 on the other servers that you want to be in the 
iFolder server cluster. This installs Apache 2.0 software along with the NetWare 6.5 operating 
system. 


Because you are copying the Apache 2.0 software, the Novell iFolder software, and the 
iFolder user data directory to a shared volume, you only need to install ¡Folder on the first 
server. 


5 On each server that you want to include in your ¡Folder server cluster, modify the 
sys:\system\admsrvup.ncf file to include the path information for the apache2.nlm file. This 
is necessary because you modify the sys:\system\autoexec.ncf in Step 15 on page 157 to 
remark out the search path. After you copy the Web server instance of Apache to the shared 
volume in Step 10 on page 155, explicitly stating the path to the server’s copy of Apache 
enables you to find the administration instance of Apache for that server. 


Make the following changes on each server in the cluster: 
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5a Map a drive on your workstation to the sys: volume of the server where you want to make 
the change. For example, map sys: to drive letter Z:. 


5b Open the z:\system\admsrvup.ncf (sys:\system\admsrvup.ncf) file in a text editor. 
5c Modify apache2.nlm by prepending it with the path to the file: 
sys:\apache2\apache2.nlm 


For example, change 


load address space = adminsrv apache2.nlm 
to 
load address space = adminsrv sys:\apache2\apache2.nlm 


5d Save and close the file. 


On the primary server, install Novell Cluster Services. For details, see the Novell Cluster 
Services 1.7 Administration Guide. 


Make sure to add all the NetWare 6.5 servers that you want to be members of the iFolder 
cluster. 


Create an NSS volume in a pool in the shared devices in your storage area network. For 
example, create nifvol in the nifpool. 


The basic steps are listed below; see the Novell Storage Services Administration Guide for 
NetWare 6.5 for detailed instructions. 


7a (Optional) For a fault-tolerant shared-disk solution, create software RAID 1 or RAID 5 
devices to use as virtual devices for the shared pool. 


7b Enable sharing on each of the devices that contributes space to the pool that you want to 
share among the cluster server nodes. 


7c Create a pool, using the shared devices and cluster-enable the pool. For example, create 
a new pool named nifpool. 


NSS creates a virtual server for the cluster-enabled pool that has its own IP address. When 
you cluster-enable the pool, you must assign an IP address for this purpose. Because you 
want this virtual server to assume the role of the ¡Folder server for the cluster, you assign 
it the same IP address that you used in Step | on page 154. 


7d Create a volume on the cluster-enabled pool. For example, create a new volume named 
nifvol. 


Volumes in a cluster-enabled pool are cluster-enabled by default. This NSS volume 
becomes the central repository for all ¡Folder software and the ¡Folder user data. The size 
of this volume will vary, based on the number of ¡Folder users you plan to support and 
the storage quota allocated per user. 


On your workstation, map the primary server’s sys: volume to a drive on your workstation. 
For example, map sys: to drive £:, where £ is the drive letter you assign. 


On your workstation, map the primary server’s shared volume that you created in Step 7 on 
page 155 to a drive on your workstation. 


For example, map the nifvol: volume to drive F:, where nifvol is the shared volume’s name 
and F is the drive letter you assign. 


Using a directory browser, copy the Apache2 directory (physically located at sys:\apache2) 
and its contents from the mapped sys: volume to the mapped shared volume. 
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10a In a directory browser, select e:\apache2 on the system volume. 
10b Click Edit > Copy. 

10c Select the mapped drive of the shared volume F:. 

10d Click Edit > Paste. 


A copy of the apache2 directory now resides at fMapache2, which is actually the storage area 
nifvol:\apache2. This enables the Web software to be shared by all the servers in the iFolder 
server cluster. 


You need to leave the original contents of the Apache 2 software on the sys: volume so that 
the administrative services of Apache 2 work properly. 


11 Using a directory browser, move the ¡Folder user data directory (physically located by default 
at sys:\iFolder) and its contents from the mapped sys: volume to the mapped shared drive. 


11a Ina directory browser, select e:liFolder, where ¡Folder is the name of the directory on 
the system volume that you gave to the iFolder user data path in Step 8 on page 35 of the 
iFolder installation. 


11b Click Edit > Cut. 
11¢ Select the mapped drive of the shared volume F:. 
11d Click Edit > Paste. 


The ¡Folder directory is now at f:\iFolder, which is the storage area nifvol:\iFolder shared by 
designated servers in the iFolder server cluster. 


12 Edit the nifvol:\apache2\conf\httpd.conf file you copied to the shared volume in Step 10 on 
page 155. 


12a Ina directory browser, select f:\apache2\conf\httpd.conf. 
12b Open f:\apache2\conf\httpd.conf (nifvol:\apache2\conf\httpd.conf) in a text editor. 


12c Modify all occurrences of sys:/apache2 to nifvol:/apache2, where nifvol is the name of 
your shared volume. 


For example, search for sys:\apache2 and replace it with nifvol:/apache” so that the 
Include directive points to the shared volume for the iFolder configuration file. For 
example, change the following statement: 


Include sys:/apache2/ifolder/server/httpd ifolder nw.conf 
to this: 
Include nifvol:/apache2/ifolder/server/httpd _ ifolder nw.conf 


Make sure to search, using forward slashes and search again, using back slashes in case 
the usage varies within the file. For example, you must also search for sys:\apache2 and 
replace it with nifvolNapache2. 


12d Save and close the file. 


13 Edit the nifvol:\apache2\iFolder\server\httpd_ifolder_nw.conf file you copied to the shared 
volume in Step 10 on page 155. 


13a Ina directory browser, select f:\apache2\iFolder\server\httpd_ifolder_nw.conf. 


13b Open f\apache2\iFolder\server\httpd_ifolder_nw.conf 
(nifvol:\apache2\iFolder\server\httpd_ifolder_nw.conf) in a text editor. 


13c Modify all occurrences of sys: to nifvol:, where nifvol is the name of your shared volume. 
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If the User Data path you set up in the iFolder install is not on the sys: volume, you must 
also search for that volume name and replace it with nifvol:. 


13d Save and close the file. 


14 Edit the sys:\system\ap2webup.ncf file so that the Apache 2.0 software starts the instance of 
Apache that is on the shared volume, then move the modified ap2webup.ncf file and 
ap2webdn.ncf to the apache2 directory on the shared volume (nifvol:\apache2\ap2webup.ncf). 


14a Ina directory browser, select e:\system\ap2webup.ncf. 

14b Open esystemiap2webup.ncf file in a text editor. 

44c Modify sys:\apache2 to nifvol:\apache2. 

14d Save and close the file. 

14e In the directory browser, select e:\system\ap2webup.ncf and e:\system\ap2webdn.ncf. 
14f Click Edit > Cut. 

14g Navigate to the f\apache2 (nifvol:\apache2) directory. 

14h Click Edit > Paste. 


15 On each server that you want to include in your ¡Folder server cluster, edit the 
sys:\system\autoexec.ncf file so that Apache 2 does not start by default when the servers come 
up. Otherwise, each server tries to start the ¡Folder services. You want only Novell Cluster 
Services to have control over starting ¡Folder for the cluster. 


IMPORTANT: If you later install additional software on the cluster that also uses Apache, you might need 
to repeat this step. 


Make the following changes on each server in the cluster: 


15a Map a drive on your workstation to the sys: volume of the server where you want to make 
the change. For example, map sys: to drive letter X:. 


15b In a directory browser, select x:\system\autoexec.ncf. 
415c Open x:\system\autoexec.ncf in a text editor. 


15d Comment out the following commands by placing a pound sign (#) in front of them, as 
shown. 


#search add sys:lapache2 
#ap2webup 


You will only see the ap2webup command on the primary server where you installed 
iFolder. The other server nodes in the cluster will not have the ap2webup line in their 
autoexec.ncf files. 


15e Save and close the file. 
16 Set up Novell Cluster Services to start iFolder by default on reboot of the cluster. 
16a In the ConsoleOne Properties dialog box, click Scripts > Cluster Resource Load Script. 
16b Add the following commands to the end of the existing load script: 
delay 2 
search add nifvol:\apache2 


ap2webup 
416c Click Apply. 
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17 Set up Novell Cluster Services to stop iFolder services by default on the server down 
command. 


17a Inthe ConsoleOne Properties dialog box, click Scripts > Cluster Resource Unload Script. 
17b Add the following commands to the beginning of the existing unload script: 

ap2webdn 
17¢ Click Apply > Close. 


18 You must offline the cluster resources, then online the cluster resources by restarting each of 
the servers in the cluster. For information, see the Novell Cluster Services 1.7 Administration 
Guide. 


When the servers come back up, the Novell ¡Folder primary server will be running ¡Folder and 
the hot-standby servers will be live, waiting to be called to action. 


Novell ¡Folder is now configured for Novell Cluster Services. 
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Interoperability Issues 


This section describes the interoperability of Novell ® iFolder® with the following products: 
+ “BorderManager 3.6 and 3.7” on page 159 
+ “GroupWise 5.5 and Later” on page 160 
e “¡Chain 2.1 and 2.2” on page 160 
+ “NetDrive” on page 161 
+ “ZENworks OnDemand 2.0” on page 161 
+ “SecureLogin” on page 162 


+ “Port Number Assignments and Availability in Novell Products” on page 162 


BorderManager 3.6 and 3.7 


Performance 


If you are using a BorderManager® proxy server to redirect requests to your iFolder server, be 
advised that uploads to the iFolder server are very slow. 


To alleviate this problem, enter the following at the BorderManager server console: 


set tcp delayed ack=off 


iFolder Still Connects When Authenticated Proxy Fails 


If the proxy settings of the ¡Folder client fail, the ¡Folder client tries to connect directly (bypassing 
the proxy). 


When using authenticated proxy, Internal (private) users might still gain access without providing 
authentication credentials if IP forwarding is enabled. To avoid this, simply make sure that IP 
forwarding is disabled on the proxy server. 


Port Conflict 


When proxy authentication is enabled, the default listening port is 443. If iFolder 2.1 and 
BorderManager are running on the same server and proxy authentication is enabled, either iFolder 
or BorderManager will need to listen on a different port. 


NAT Loopback/Boomerang 


If iFolder is running on a private segment and public access is allowed (via NAT), a public access 
address is specified in the iFolder server configuration. All requests to the private address will be 
forwarded to this public address. When trying to access iFolder from the private segment, the user 
will encounter the NAT loopback problem and the connection will fail. 
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The workaround is to use a DNS name as the user access address in the iFolder server 
configuration, and resolve this name to the public address for public users and to the private 
address for internal users. 


GroupWise 5.5 and Later 


Do not try to synchronize your GroupWise® archive by setting a GroupWise archive path to the 
location of your iFolder directory. If you do this, the iFolder client will corrupt the GroupWise 
archive. This happens because iFolder does not synchronize files as a set and GroupWise needs 
the files in the archive to be maintained as a set of files. 


This problem has been identified for GroupWise; however, similar problems might arise with any 
database that is implemented as a collection of linked files. 


iChain 2.1 and 2.2 


There are several iChain® and iFolder compatibility issues, which severely limit the use of iChain 
services for an iFolder system. 


Caching of iFolder Content 


We recommend disabling iChain caching of iFolder content. Because iFolder data is private and 
encrypted, caching might slow, rather than speed, access. 


Using HTTP Instead of HTTPS 


When encryption is enabled, the iFolder client encrypts data with 128-bit Blowfish encryption for 
data transmission and storage on the iFolder server. Thus, iFolder sends all communications 
between workstations and the iFolder server securely, using http (rather than https). 


iChain with Secure Exchange will try to redirect http traffic to https. Because iFolder uses http 
POSTs, and http POSTS cannot be redirected, these connections will fail with an http 409 error. For 
this reason, ¡Chain Secure Exchange will work for HTML access only. 


Disabling Secure Exchange 


If the iFolder server is behind the proxy server with Secure Exchange disabled, then iFolder 
Management, Applet, and HTML (PDA) access methods, which require https, will not work. In 
addition, NetDrive cannot connect to iFolder through iChain if Secure Exchange is enabled. Only 
iFolder client access will work. 


iFolder 2.1 and iChain 2.1 Interoperability Summary 


iChain 2.1 Configuration iFolder 2.1 iFolder 2.1 iFolder 2.1 NetDrive 4.1 ¡Folder 2.1 


Client Applet HTML/PDA Management 
Console 
Authentication = Off Yes Yes No Yes No 


Secure Exchange = Off 


Authentication = Off No No Yes No Yes 
Secure Exchange = On 


Authentication = On No No No No No 
Secure Exchange = Off 
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iChain 2.1 Configuration iFolder 2.1 iFolder 2.1 iFolder 2.1 NetDrive 4.1 ¡Folder 2.1 
Client Applet HTML/PDA Management 
Console 
Authentication = On No No Yes No Yes 


Secure Exchange = On 


¡Folder 2.1 and iChain 2.2 Interoperability Summary 


¡Chain 2.2 Configuration ¡Folder 2.1 ¡Folder 2.1 ¡Folder 2.1 NetDrive 4.1 ¡Folder 2.1 
Client Applet HTML/PDA Management 
Access Console 
Authentication = Off Yes Yes No Yes No 


Secure Exchange = Off 


Authentication = Off No No Yes No Yes 
Secure Exchange = On 


Authentication = On No No No No No 
Authentication Header = Off 
Secure Exchange = Off 


Authentication = On No No Yes No Yes 
Authentication Header = Off 
Secure Exchange = On 


Authentication = On Yes No No No No 
Authentication Header = On 
Secure Exchange = Off 


Authentication = On No No Yes No Yes 
Authentication Header = On 
Secure Exchange = On 


Performance 


If you are using an ¡Chain proxy server to redirect requests to your ¡Folder server, be advised that 
uploads to the ¡Folder server are very slow, even with caching disabled. 


This problem can be alleviated by entering the following at the ¡Chain server console: 


set tcp delayed ack=off 


NetDrive 


If your global client polices include any enforced or hidden settings, the users must log in with the 
iFolder client to create their iFolder user accounts. Users must activate an iFolder account before 
attempting to use NetDrive to access the iFolder server. 


ZENworks OnDemand 2.0 


The DeFrame™ client that ships with ZENworks” OnDemand Services™ 2.0 includes iFolder 
connectivity through NetDrive. This version of NetDrive does not work with iFolder 2.0 and later. 
Use the NetDrive version that is bundled with iFolder. 
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SecureLogin 


SecureLogin will not recognize the iFolder Java applet. 


Port Number Assignments and Availability in Novell Products 


For information about port number assignments and availability in Novell products, see “Port 
Number Assignments” in the NetWare 6 online documentation (http://www.novell.com/ 
documentation/lg/nw6p/index.html?page=/documentation/lg/nw6p/adminenu/data/ 
aclkn27.html). 
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Tips and Tricks for Optimizing iFolder 


This section describes how to optimize the performance of your Novell® iFolder® 2.1 server, 
including the following tips and tricks: 


+ “Optimizing the Available Space” on page 163 

+ “Optimizing Synchronization Delay and Polling Frequency” on page 163 
+ “Increasing Apache Threads” on page 163 

+ “Adding More RAM” on page 164 

+ “Synchronizing ¡Folder Client Data” on page 164 


Optimizing the Available Space 


You can improve the performance of your ¡Folder server by changing the amount of disk space 
allotted to each ¡Folder user. 


Be careful; allotting large amounts of disk space to users could decrease the ¡Folder server”s 
performance. 


Optimizing Synchronization Delay and Polling Frequency 


Change the default sync delay parameters if you have thousands of users and you need to improve 
the ¡Folder server performance. 


Current defaults: 
+ 5-second delay after file activity 
+ 20-second server polling interval 

To improve performance, make the following changes: 
+ 30-second delay after file activity 


+ 1-minute server polling interval 


Increasing Apache Threads 


NetWare Servers 


The default number of threads for Apache running on NetWare® is 150. The maximum number of 
threads is 2,048. Because no persistent connection is maintained, a socket is opened for each 32 
KB of data. This means that you don’t need a thread per user session; however, the iFolder Web 
access does use one thread per connection. 
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To increase your threads: 
1 Open the httpd.conf file that ¡Folder uses. 


2 Search for the ThreadsPerChild parameter and increase the number that is listed. 


The threads directly correlate with the bandwidth of your network cards. If you have a 100 MB 
network card, you can set your threads to 312 and max out the network card. If you have a 1 GB 
card, then you can increase the threads to 2,048 to maximize the card. 


Linux Servers 
Linux can handle up to 20,000 threads. 
To increase your threads: 
1 Open the httpd.conf file that ¡Folder uses. 
2 Increase the default number on the following parameters: 
+ ThreadLimit 
+  MaxClients 
+  ThreadsPerChild 


Adding More RAM 


¡Folder uses 16 KB of memory per ¡Folder active session (or each thread). The minimum 
requirement of RAM for ¡Folder is 256 MB. Adding more RAM will improve your disk caching 
and server performance. 


If you have 
+ Fewer than 2,000 users, use 256 MB of RAM. 
+ Between 2,000 and 4,000 users, increase your memory to 512 MB of RAM. 
+ More than 4,000 users, increase your memory to 1 GB of RAM. 


Synchronizing iFolder Client Data 


For instructions on how to synchronize your Internet Explorer bookmarks, Palm* Desktop 
Database, and Lotus* Notes*, see the Novell ¡Folder 2.1 User Guide. 


Do not try to synchronize your Group Wise? archive by setting a GroupWise archive path to a 
location in your ¡Folder directory. If you do this, the ¡Folder client will corrupt the GroupWise 
archive. This happens because ¡Folder does not synchronize files as a set (it synchronizes just the 
changed portions of a file) and GroupWise needs the files in the archive to be maintained as a set 
of files. 


This problem has been identified for GroupWise; however, similar problems might arise with any 
database that is implemented as a collection of linked files. 
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Frequently Asked Questions 


This section answers typical questions asked by administrators of Novell® iFolder® 2.1 server 
software, including the following: 


+ 


+ 


“What is an iFolder server?” on page 166 


“Can I synchronize my home directory on the network with my local iFolder directory?” on 
page 166 


“Can I restore files if a user has deleted them from a local iFolder directory?” on page 166 
“Are the users’ iFolder files stored encrypted on their local workstations?” on page 166 
“How many directories can each user have in an iFolder account?” on page 166 

“Is there a maximum file size that can be synchronized to the iFolder server?” on page 167 
“What is the maximum storage quota for an iFolder account?” on page 167 


“How many concurrent connections to iFolder accounts does each iFolder server support?” 
on page 167 


“What is the key factor that limits the number of users an iFolder server can support?” on 
page 167 


“When a user makes changes to a file, what portion of the file is sent across the wire to the 
iFolder server?” on page 167 


“What happens to a user’s files if the user changes the location of the local iFolder directory?” 
on page 167 


“After installing iFolder 2.1 on a Microsoft 2000 server with IIS and Active Directory, I 
cannot create an iFolder_ServerAgent.” on page 168 


“After installing iFolder 2.1 on a Microsoft 2000 server with IIS and Active Directory, I 
cannot create a new user with the iFolder Management Console.” on page 168 


“Why do my users have trouble logging in to the iFolder server across the Internet, but can 
log in while on the corporate network?” on page 168 


“When I attempt downloading the iFolder client from the server page, instead of downloading 
the client, it shows junk characters? How can I resolve this?” on page 168 


“Why am I not able to see the available updates even though my redcarpet server has the later 
version of novell-ifolder-client than that I have on my Linux box?” on page 168 


Additional Questions 


For an additional listing of questions and answers that have been submitted by Admins and iFolder 
users, see the following: 


+ 


Ask the Experts section of the ¡Folder Cool Solutions Q&A Collection (http:// 
www.novell.com/coolsolutions/ifmag/ask_the_experts.html) 
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+ Novell iFolder 2.1 User Guide 
“¡Folder 2.1.3 on Windows 2003 Server FAQs” on page 169 


+ “Why is the ¡Folder Administration page displaying error message such as “The application 
called an interface that was marshalled for a different thread”? What can I do to resolve this?” 
on page 169. 


+ “Why is the ¡Folder Advanced Search failing with the error "Bad Request (Invalid URL)"?” 
on page 169. 


+ “The ¡Folder login is failing for a multi-home Web site. What can I do to resolve this?” on 
page 169. 


+ “¡Folder fails to work after renaming domain controller. What can I do to resolve this?” on 
page 169 


What is an iFolder server? 


An iFolder server is simply a server that is running the iFolder server software and some type of 
Web services, like the Apache Web service or IIS Web service. 


Can | synchronize my home directory on the network with my local 
iFolder directory? 


No. iFolder hooks into the local file system; therefore, iFolder is unable to track changes from 
network drives. 


Can l restore files if a user has deleted them from a local iFolder 
directory? 


Yes. However, you will need to restore that user’s iFolder directory from your tape backup to 
another ¡Folder server. See “Restoring Deleted or Corrupted Files” on page 115. 


Are the users’ iFolder files stored encrypted on their local 
workstations? 


No, if an account is enabled for encryption, the ¡Folder data is encrypted only when it travels across 
the connection between the workstation and the server and when it is stored on the iFolder server. 


How many directories can each user have in an iFolder account? 


iFolder supports up to 32,765 directories within a user’s local iFolder directory. If the user exceed 
this number, iFolder stops writing to the local directory and data loss is likely. Typical iFolder users 
are unlikely to exceed this upper limit with normal use. 


Periodically monitor the number of directories in your local iFolder directory. Reorganize your 
folders, as needed, to keep the number of directories below this upper limit. 
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Is there a maximum file size that can be synchronized to the iFolder 
server? 


An individual file must be smaller than 2.5 GB. 


What is the maximum storage quota for an iFolder account? 


The maximum size for an iFolder account is 8 TB. 


How many concurrent connections to iFolder accounts does each 
iFolder server support? 


The iFolder server can support 5,000 to 10,000 concurrent connections to iFolder accounts. 


What is the key factor that limits the number of users an iFolder 
server can support? 


The largest limiting factor on the number of users is the storage capacity available on the iFolder 
server. 


When a user makes changes to a file, what portion of the file is sent 
across the wire to the iFolder server? 
iFolder synchronizes only the changed portions of a file on a 4 KB block level via an active 


network or Internet connection. Only the changes, or delta blocks, are sent across the wire and the 
iFolder server will reconcile the changes. 


What happens to a user’s files if the user changes the location of 
the local iFolder directory? 
The user must manually copy the iFolder files to the new location. To do this, complete the 
following steps: 
4 Double-click the old ¡Folder shortcut on the desktop. 
2 Click Edit > Select All. 
3 Click Edit > Cut. 
4 Close the window. 
5 Double-click the new ¡Folder shortcut on the desktop. 
6 Click Edit > Paste. 


7 Log in and synchronize the files. 
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After installing iFolder 2.1 on a Microsoft 2000 server with IIS and 
Active Directory, | cannot create an iFolder_ServerAgent. 
Look in the Active Directory Users and Computers utility to determine if the user actually exists. 


If it does, it probably means that you do not have a valid Service Pack 3 installed on your Microsoft 
2000 IIS server. Reinstall Service Pack 3. 


After installing iFolder 2.1 on a Microsoft 2000 server with IIS and 
Active Directory, | cannot create a new user with the iFolder 
Management Console. 

Look in the Active Directory Users and Computers utility to determine if the user actually exists. 


If it does, it probably means you do not have a valid Service Pack 3 installed on your Microsoft 
2000 IIS server. Reinstall Service Pack 3. 


Why do my users have trouble logging in to the iFolder server 

across the Internet, but can log in while on the corporate network? 
The browser is probably picking up the private IP address of the iFolder server instead of the public 
IP address. To solve this problem, make sure that the public IP address is the one used in the 
ifolder_nav.html file in the sys:\apache\if older\documentroot\html directory. Then enter a static 


NAT that translates the public IP address to the private IP address, and make sure that the ports 
used for iFolder are not blocked at the firewall. 


When | attempt downloading the iFolder client from the server 
page, instead of downloading the client, it shows junk characters? 
How can I resolve this? 

The Apache web server does not recognise the .rpm extension of the ¡Folder client for Linux and 


sends the file across as text. This causes the rpm to be displayed as junk characters instead of 
displaying a dialog box to download the client. 


This happens only in case of an upgrade install to OES. OES overlay install should not have this 
problem. 


Right click the Download Linux Client link and select Save Target As to download the client. 


Why am I not able to see the available updates even though my 
redcarpet server has the later version of novell-ifolder-client than 
that | have on my Linux box? 


To view the avaliable updates for ¡Folder client run rug se novell-ifolder-client at 
the command line. 


To upgrade to new client, run rug in novell-ifolder-client at the command line. 
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Through redcarpet Software Update client, select Search tab, type novell-ifolder-client 
and click Enter. This lists all the available updates, select the one listed as newer, click Mark for 
Installation, and click Run Now. 


iFolder 2.1.3 on Windows 2003 Server FAQs 


Why is the iFolder Administration page displaying error message such as “The 
application called an interface that was marshalled for a different thread”? What 
can | do to resolve this? 


The reason for this could be that the ITS Web site is configured to run in the ITS 5.0 isolation mode 
with security level set to Medium. 


To resolve this, set the Security level to Low. 


Why is the iFolder Advanced Search failing with the error "Bad Request (Invalid 
URL)"? 


The advanced search might be made on a context. Use the simple search page to search for the 
users. 


The ¡Folder login is failing for a multi-home Web site. What can I do to resolve this? 


To resolve this, use the IP address instead of DNS name for the following settings: 


UA The iFolderServerDNSorlIP and iFolderServerSecureDNSorIP attributes of the ¡Folder Server 
object 


To do this, 
1 In the ¡Folder Administration page, select the Global Settings > (Folder Servers. 


2 In the iFolder Servers page, select the Server for which the multi-home Web site login is 
failing. 


3 In the Host DNS or IP field of the selected server page, change the DNS name of the server 
to the IP address. 


U Connection information for the client login. 


U In the registry key located at 


My Computer\H KEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\iFolderServer 


Change the following: 
+ Replace the value of iFolderServerDNSorIP with the IP address of the ¡Folder Server. 
+ Replace the value of ServerDNSorIP with IP address of the ¡Folder Server. 


iFolder fails to work after renaming domain controller. What can | do to resolve 
this? 


In the registry key located at 


My Computer\H KEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\iFolderServer 
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Change the following attribute values, if applicable, from old Domain Controller name to new/ 
changed Domain controller name. 


+ iFolderServerDNSorIP 
+ LdapHost 
+ ServerDNSorIP 


Restart the IIS. 
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Uninstalling iFolder 2.1 on a Red Hat Linux 8 
Server 


This section describes the following uninstall tasks for Novell® iFolder® 2.1 as installed on Red 
Hat Linux 8: 


+ “Uninstalling ¡Folder 2.1 from a Red Hat Linux 8 Server” on page 171 
+ “Removing ¡Folder 2.1 Objects from the eDirectory Schema” on page 171 


+ “Uninstalling Apache 2.0.43” on page 172 


To uninstall ¡Folder 2.1.2 on supported versions of Enterprise Linux, see “Uninstalling NNLS 
Components” in the Novell Nterprise Linux Services Installation Guide. 


Uninstalling ¡Folder 2.1 from a Red Hat Linux 8 Server 


41 Stop Apache by entering this line at the command prompt: 
/usr/local/apache2/bin/apachectl stop 

2 To remove the ¡Folder files, enter these lines at the command prompt: 
cd /root 
rm -rf /usr/local/ifolder < program files > 
rm -rf /usr/local/ifolderdata < user data > 

3 To go to the /usr/local/apache2/conf/ directory, enter this line at the command prompt: 
cd /usr/local/apache2/conf 

4 Using a text editor, remove the following line from the /usr/local/apache2/conf/httpd.conf file: 
include /usr/local/ifolder/Server/httpd ifolder unix.conf 

5 Start Apache by doing one of the following: 
+ For clear text, enter the following command: 

/usr/local/apache2/bin/apachectl start 

+ For SSL, enter the following command: 


/usr/local/apache2/bin/apachectl startssl 


Removing ¡Folder 2.1 Objects from the eDirectory Schema 


4 Start ConsoleOne® by entering this line at the command prompt: 


/usr/ConsoleOne/bin/ConsoleOne 
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2 Select the tree in the eDirectory schema. 
3 Click File > Authenticate. 
4 Expand the tree, then select the organization. 
Objects appear in the right panel. 
5 Delete all users who were made iFolder users. 
6 Delete the following objects: 
+ ¡Folder _ServerAgent 
+ ¡Folder Settings 
+ ¡Folder _IdapXX 
+ ¡Folder _serverXX 
7 Remove the ¡Folder eDirectory schema extensions. 
7a Click Tools > Schema Manager > Classes. 
7b Delete the following: 
+  1FolderLDAP 
+  ¡FolderServer 
+ iFolderSettings 
+  1FolderUser 
7c Click Tools > Schema Manager > Classes. 
7d Delete the 14 items that begin with iFolder*. 
8 Close ConsoleOne. 


Uninstalling Apache 2.0.43 


To remove Apache 2.0.43 from your Linux server, enter this line at the Linux command prompt: 


rm -rf /usr/local/apache2 
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Product History of iFolder 


This section compares the different versions of Novell® iFolder® to clarify which operating 
systems, directories, and other components are supported in each of the following versions of 
iFolder: 


+ ¡Folder Standard Edition 


+ ¡Folder 1.0: Independent product release that includes cross-platform support for 
NetWare and Windows 


¢ iFolder 1.01: Bundled release for support of Novell NetWare® 6 


¢ iFolder 1.03: Bundled release for support of Novell NetWare 6 with Support Pack 1 
(Consolidated Support Pack 8) 


¢ iFolder 2.0 Professional Edition: Independent product release for additional cross-platform 
support of Linux and UNIX 


+ ¡Folder 2.1 


+ ¡Folder 2.1: Independent product release for additional support of Microsoft Active 
Directory with Windows 2000 with Service Pack 3 


+ ¡Folder 2.1.1: Bundled release with Novell NetWare 6.5 for support of only Novell 
NetWare 6.5 


+ ¡Folder 2.1.2: Bundled release with several products for support of only those operating 
systems 


Novell Nterprise™ Linux Services for support of only the Enterprise Linux operating 
systems, as defined in the Novell Nterprise Linux Services Installation Guide. 


Novell NetWare 6.5 Support Pack 1 for support of only Novell NetWare 6.5 Support Pack 
1 


Novell Nterprise Linux Services Support Pack 1 for support of only the Enterprise Linux 
operating systems, as defined in the Novell Nterprise Linux Services Installation Guide. 
In addition to English, this second release of ¡Folder 2.1.2 included localized versions of 
the ¡Folder 2.1.2 client in German, Spanish, French, Italian, Japanese, Portuguese, and 
Russian. 


+ ¡Folder 2.1.3: Bundled release with Novell ZenWorks 6.5 for support of Windows 2003 
and Windows 2000 server. 


+ ¡Folder 2.1.4: Released with Novell Linux Desktop 9. 


+ ¡Folder 2.1.5: Bundled release with Open Enterprise Server 1.0 for NetWare and Open 
Enterprise Server 1.0 for Linux. 


This section discusses the following topics: 


+ “Network Operating Systems Support” on page 174 
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+ “Directory Services Support” on page 174 

+ “Workstation Operating Systems Support for ¡Folder Client” on page 175 
+ “Web Server Support” on page 175 

+ “¡Folder User Access Support” on page 175 

+ “Feature Support” on page 176 


+ “Server Platform Options Included in Your Release” on page 176 


Network Operating Systems Support 


Network Operating 1.0 1.01 1.03 2.0 2.1 2.1.1 2.1.2 2.1.2 2.1.3 2.1.5 
System (Bundle (Bundled (Bundled (Bundled (Bundle 
d NetWare NetWare Netware dNNLS 
NetWare 6.0 SP1) 6.5) 6.5 SP1) &NNLS 
6.0) SP1) 
NetWare 5.1 SP 3 NA NA SP 4 SP 5 NA NA NA NA NA 
NetWare 6.0 No Yes SP 1 SP 1 SP 2 NA NA NA NA NA 
NetWare 6.5 No No No No No Yes SP 1 NA SP 2 SP 3 
Windows NT 4 Service NA NA Service No No No No NA NA 
Pack Pack 6A 
6A 
Windows 2000 Service NA NA Service Service NA NA NA Yes No 
Pack 1 Pack 2 Pack 3 
Red Hat Linux No No No 7.2 8 NA NA NA No No 
Red Hat Enterprise No No No No No No NA 2.1 No No 
Linux AS 
Red Hat Enterprise No No No No No No NA 2.1 No No 
Linux ES 
SUSE* Linux No No No No No No NA 8 No 9 SP 1 
Enterprise Server 
Sun* Solaris No No No 8 No No No No No No 
Windows 2003 No No No No No No No No Yes No 


Directory Services Support 


LDAP Directory Service 1.0 1.01 1.03 2.0 2.1 2.1.1 2.1.2 2.1.3 2.1.5 
(Bundled) (Bundled) (Bundled) (Bundled) 

Novell eDirectory™ 8.0 8.5 8.5 8.6 8.6.2 8.6.2 8.7.3 8.7.3 8.7.3 

Microsoft Active Directory No No No No Yes NA NA Yes No 
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Workstation Operating Systems Support for iFolder Client 


Workstation Operating System 1.0 1.01 1.03 2.0 2.1 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 
(Bundled (Bundle (Bundled (Bundle 
) d) ) d) 
Windows 95 Yes Yes Yes Yes No No No No No No 
Windows 98 or 98SE 98 98 98 98/ 98/ 98SE 98SE No No No 
98SE 98SE 
Windows ME Yes Yes Yes Yes Yes Yes No No No No 
Windows NT 4 Professional Yes Yes Yes Yes No No No No No No 
Windows 2000 Professional Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 
Windows XP Home and No No No Yes Yes Yes Yes Yes Yes Yes 
Professional 
Novell Linux Desktop No No No No No No No Yes Yes Yes 
SUSE 9.2 No No No No No No No No No Yes 
Web Server Support 
Web Server 1.0 1.01 1.03 2.0 2.1 2.1.1 2.1.2 2.1.3 2.1.5 
(Bundled) (Bundled) (Bundled) (Bundled) 
Apache on NetWare 1.3.20 1.3.20 1.3.20 1.3.26 1.3.27 1.3.27 1.3.27 Yes Yes 
Apache on Linux or Solaris NA NA NA 2.0.39 2.0.43 NA 2.0.48 NA Yes 
IIS on Windows NT 4 Service NA NA Service No No No NA No 
Pack 6A Pack 6A 
IIS on Windows 2000 Service NA NA Service Service NA NA Yes No 
Pack 1 Pack 2 Pack 3 
IIS on Windows 2003 NA NA NA Service Service NA NA Yes No 
Pack 2 Pack 3 
iFolder User Access Support 
iFolder User Access Method iFolder Standard iFolder 2.0 iFolder 2.1 iFolder 2.1.4 iFolder 2.1.5 
Edition (1.0, 1.01, Professional (2.1, 2.1.1, 
1.03) Edition 2.1.2,2.1.3) 
Novell iFolder Windows client Yes Yes Yes No Yes 
Novell iFolder Windows client, using No Yes Yes, plus No Yes 
a proxy authentication 
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iFolder User Access Method iFolder Standard iFolder 2.0 iFolder 2.1 iFolder 2.1.4 iFolder 2.1.5 
Edition (1.0, 1.01, Professional (2.1, 2.1.1, 
1.03) Edition 2.1.2,2.1.3) 
Web browser support IE 5.0 or 5.5 IE 5.0 or later IE 5.0 or later No IE 5.0 or 
later Mozilla 
Netscape* 4.7 Netscape 4.7; not Netscape 7 1.7 FireFox 
6.0 
Mozilla 1.4 TOKDE 32 
Konqueror 
Safari 1.2 
Web browser access (HTML or No Yes Yes No Yes 
PDA) 
iFolder Java applet No Sun JVM 1.3 For 2.1 and 2.1.1: No No 
Sun JVM 1.3 to 
1.4.1_02 
for 2.1.2: Sun 
JVM 1.4.1_02 
Thin client support via Novell No 4.1 4.1 No Yes 
NetDrive 
Novell iFolder Linux client Yes Yes 
Thin Client Support via NetStorage Yes Yes 
Feature Support 
Feature iFolder Standard iFolder 2.0 iFolder 2.1x iFolder 2.1.5 


Edition (1.0, 1.01, 1.03) 


Professional Edition 


Passphrase recovery No Yes Yes Yes 
Large-scale deployment of multiple No Yes Yes Yes 
iFolder servers 

User control of location of local iFolder No Yes Yes Yes 
directory 

Report generator No Yes Yes Yes 
iFolder Linux client No No No Yes 
Download iFolder Linux client from No No No Yes 
iFolder server page 

NetStorage as default web client No No No Yes 


Server Platform Options Included in Your Release 


If you purchase an independent release of Novell iFolder, it contains all of the platforms supported. 
However, if your release is bundled with an operating system, the bundle contains support for only 
that operating platform. The following table shows the operating platforms you can expect in your 
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release of Novell iFolder. See “Network Operating Systems Support” on page 174 to see the 
versions of the operating systems that your release supports. 


Network Operating 1.0 1.01 1.03 2.0 2.1 2.1.1 2.1.2 2.1.2 2.1.3 2.1.5 
System (Bundled (Bundled (Bundled (Bundled (Bundled 

NetWare NetWare NetWare NetWare NNLS 8 

6.0) 6.0 Sp1) 6.5) 6.5SP1) NNLS 

SP1) 

NetWare 5.1 Yes No No Yes Yes No No No No No 
NetWare 6.0 No Yes Yes Yes Yes No No No No No 
NetWare 6.5 No No No No No Yes Yes No Yes Yes 
Windows NT 4 Yes No No Yes No No No No No No 
Windows 2000 Yes No No Yes Yes No No No Yes No 
Red Hat Linux 8 No No No Yes Yes No No No No No 
Red Hat Enterprise No No No No No No No Yes No No 
Linux AS 2.1 
Red Hat Enterprise No No No No No No No Yes No No 
Linux ES 2.1 
SUSE Linux Enterprise No No No No No No No Yes No No 
Server 8 
Sun Solaris No No No Yes No No No No No No 
Windows 2003 No No No No No No No No Yes No 
SUSE Linux Enterprise No No No No No No No No No Yes 


Server 9 


If you have a bundled version of iFolder and you want to use it on another operating platform, you 
can purchase the full product and download Novell iFolder 2.1 at the Novell Product Downloads 
Web site (http://download.novell.com). 
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